ISO 45001: Understanding the New International Standard for Occupational Health and Safety

A summary of the enhanced features of ISO 45001 and references to materials that can help understanding and implementation

BSI

May 7, 2018

Organizations worldwide recognize the need to provide a safe and healthy working environment, reduce the likelihood of accidents, and demonstrate they are actively managing risks. ISO 45001 will provide an internationally accepted framework that will help protect employees as well as protect the longevity and health of an organization. The standard is flexible and can be adapted to manage occupational health and safety in a wide range of organizations.

ISO 45001 is also based on the International Organization for Standardization's high level structure (HLS) for management system standards. This article provides you with a summary of the enhanced features of ISO 45001 from OHSAS 18001 and references to materials that can help with both understanding and implementation.

Key requirements of ISO 45001

Clause 1: Scope
This establishes the requirements for the management system and the intended outcomes. ISO 45001 is aimed at not only providing a framework for an occupational health and safety management systems (OH&S MS) but on the explicit prevention of work-related injury and ill health, and the provision of safe and healthy workplaces.

Clause 2: Normative references
There are no normative references. This clause was retained simply to maintain consistent numbering across all ISO management system standards.

Clause 3: Terms and definitions
There are a number of new and revised definitions from OSHAS 18001. Some of the key terms are fundamental to the requirements of the standard—such as “consultation—seeking views before making a decision.”

Clause 4: Context of the organization
New from OSHAS 18001 but part of the HLS, this clause “sets the scene” for the organization and the scope and boundaries for the OH&S MS. Importantly, ISO 45001 should be aligned to the strategic direction of the organization, embedding OH&S management into the core business functions rather than as a standalone discipline. Within this clause, the organization has to determine the internal and external factors that may affect its ability to achieve the intended outcomes of its OH&S MS. Externally, there may be issues such as socioeconomic and political instability; internally, it may be involve issues such as restructuring, acquisitions, or new products.

The organization is also required to determine the needs and expectations of “interested parties” with regard to the OH&S MS. Those who have an interest in the outcomes of the OH&S MS—workers, shareholders, legal authorities, contractors etc.—must be considered. How could political insecurity or an organizational restructure put workers health and safety at risk? Or provide an opportunity to improve the workplace? The final scope for the OH&S MS must be documented.

Click here for a clause-level comparison of the two standards.

Clause 5: Leadership and worker participation
Top management in ISO 45001 is responsible and accountable for the prevention of work-related injury and ill health as well as the provision of safe and healthy workplaces. It should also be noted that leadership and culture are identified as potential hazards later in the standard (6.1.2.1a). Top management must ensure that a process for consultation and participation with workers is established. It is also top management’s responsibility to establish, implement, and maintain the health and safety policy. The required contents for the policy include elements such as a commitment to consultation and participation of workers. Consultation and participation of workers (including non-managerial workers) is significantly enhanced from OSHAS 18001, which was limited to participation in hazard identification and consultation on changes. In ISO 45001 the organization is now required to provide the mechanisms, time, training, and resources for consultation and participation of workers. This includes removing any barriers such as language, literacy, or fear of reprisals.

Clause 6: Planning
Alignment to the HLS structure has seen planning split in a slightly unusual way. To incorporate the HLS and the aim of the OH&S management system, risk and opportunities have been broken into two elements:

1. Assessment of OH&S risks and other risks to the management system
• OH&S risks use the “traditional” likelihood × severity.
• Risks to the management system are those more traditionally related to business risk (e.g., effect of uncertainty) such as peaks in work flow and restructuring, as well as external issues such as economic change.

2. Assessment of OH&S opportunities and other opportunities to the OH&S management system
• OH&S opportunities are circumstances that can lead to improvement of OH&S performance. This includes adapting work to workers, eliminating hazards, and other opportunities for improving the OH&S management system, such as implementing ISO 45001. Importantly, risks and opportunities shall be determined before planned change. There is also increased emphasis on identifying hazards associated with mental ill health such as workload, bullying, and the leadership and culture of the organization. Additionally, the identification of hazards has to start at the conceptual design stage as well as the ongoing life cycle of workplace, facility, equipment, processes, activity, and so forth. The principles of horizon scanning are also introduced within this clause.

Clause 7: Support
This clause begins with a requirement that organizations shall determine and provide the necessary resources to establish, implement, maintain, and continually improve the OH&S management system. These cover human resources, natural resources, infrastructure, and financial resources. ISO 45001 uses the term “documented information,” instead of “documents” and “records” as used in OSHAS 18001. This reflects modern types and uses of information—cloud based, multi-media, etc.

Clause 8: Operation
This clause is significantly enhanced from OSHAS 18001. Not only does it remove the “option” of using the hierarchy of controls, instead making its use a specific requirement, it introduces new sub-clauses on procurement and change. Organizations will need to plan how to implement change in a manner that does not introduce new (i.e., unforeseen) hazards or increase the OH&S risks, while also identifying the opportunities for improving OH&S performance that the change may enable. The new sub-clause on procurement provides recognition that the risks related to the supply chain are most effectively managed when they are taken into account at the very first stages of procurement—pre-tender and tender. With ISO 45001, organizations have to establish procurement processes that conform to the OH&S MS, including defining OH&S criteria for the selection of contractors. New within this section is outsourcing. A responsible organization will establish control of those outsourced functions to achieve the intended outcomes of the OH&S MS. Controls can include things such as procurement and contractual requirements, training, and inspections.

Clause 9: Performance evaluation
The key change here is that this operational area in OSHAS 18001 was referred to as a “procedure;” in ISO 45001 it now must be a “process.” Although the introduction of “processes” is a reflection of the alignment to the HLS, it also reflects the fact that an effective OH&S MS is a continually improving process. A process is a cycle, and therefore it should reflect a plan, do, check, act (PDCA) cycle and not be static. Therefore, ISO 45001 requires processes for consultation and participation, planning, hazard identification, assessment of risk, and operational control. Management reviews have to consider risks, opportunities, and trends in aspects such as consultation and participation of workers to ensure it is happening effectively, which is part of their leadership responsibility.

Clause 10: Improvement
Gone from ISO 45001 is the OSHAS 18001 requirement related to “preventative action” because the whole of ISO 45001 is about prevention. Also in this clause is the requirement to eliminate the root causes of incidents and non-conformities, reflecting the overall aim of the standard to prevent injury and ill health and provide safe and healthy workplaces.

ISO-45001
Since the publication of ISO 45001, OHSAS 18001 has been withdrawn and there will be a three-year period of migration allowed for organizations already certified to OHSAS 18001 to upgrade their OH&S management system. (Click here for a clause-level comparison of the two standards.)

About The Author

BSI’s picture

BSI

BSI (British Standards Institution) works with more than 80,000 clients in 172 countries to help them adopt and cultivate the habits of excellence. Clients are trained and provided with practical guidance for implementation alongside a suite of compliance tools. BSI is assessed and accredited by more than 26 accreditation bodies including ANSI-ASQ National Accreditation Board (ANAB) and United Kingdom Accreditation Service (UKAS). BSI’s influence plays a key role within the International Organization for Standardization (ISO). As one of the founding members, it ensures that international standards address business and societal needs, while delivering real benefits to organizations.