ISO 45001:2018

Occupational Health & Safety

Management System
ISO 45001:2018
The concept of Occupational Health & Safety
THE COMPANY HAS TO
PROTECT ITS WORKERS…
▪ 2,5 million deaths/ year due to
work related accidents or
diseases
▪ 374 million work-related injuries
and diseases/ year
HISTORY OF HEALTH
AND SAFETY
19th Century – first legislation in UK

1950 – International Labor Organization

& World Health Organization – provide a
definition for OH&S
ISO 45001:2018
The Standard
ISO 45001:2018
▪ Publication: March 2018
▪ Applicable to any organization, regardless of sector or size
▪ The result of international cooperation with more than 70
countries actively involved

www.iso.org
ABOUT OF ISO 45001…
▪ High Level Structure (like ISO 9001 or ISO
14001)
▪ Chapter 4 – 10 include actual requirements
▪ All requirements are mandatory
▪ First international standard that sets
requirements for an occupational health &
safety management system
ISO 45001:2018
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization
5. Leadership and worker participation
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement
ABOUT OF ISO 45001…
▪ High Level Structure (like ISO 9001 or ISO
14001)
▪ Chapter 4 – 10 include actual requirements
▪ All requirements are mandatory
▪ First international standard that sets
requirements for an occupational health &
safety management system
▪ OHSAS 18001 - withdrawn
ISO 45001:2018
Occupational Health & Safety Management
System
OH&S MANAGEMENT SYSTEM
Management System = set of interrelated
or interacting elements of an organization
to establish policies and objectives and
processes achieve the objectives.
Purpose of OH&S Management system –
to provide a framework for managing risks
and opportunities to prevent injuries and
ill health and provide safe and healthy
workplaces
SUCCESS FACTORS
▪ Involvement of top management
▪ Effective communication processes
▪ Resources available
▪ Integration with business processes
PLAN. DO. CHECK. ACT
Plan – identify and assess risks and
opportunities, establish objectives and processes

Do – implement the processes, as planned

Check – monitor, measure and report results

Act – improve performance

ISO 45001:2018
4.1. Understanding the organization and its
context
ORGANIZATIONAL CONTEXT

The organization shall determine internal and

external issues that are relevant to its purpose
and that affect its ability to achieve the
intended outcomes of the OH&S management
system.
EXTERNAL AND INTERNAL ISSUES
Examples of external issues:

▪ Economic situation;
▪ Political situation;
▪ Social aspects;
▪ Legal framework;
▪ Competition;
▪ Natural surroundings;
▪ Knowledge …
EXTERNAL AND INTERNAL ISSUES
Examples of internal issues:

▪ Organization structure;
▪ Strategy and objectives;
▪ Capabilities;
▪ Relation with workers;
▪ Organizational culture;
▪ Contractual relationships;
▪ Working arrangements and conditions …
ISO 45001:2018
4.2. Understanding the needs and
expectations of workers and other interested
parties
THE NEEDS AND EXPECTATIONS OF
INTERESTED PARTIES

- Determine interested parties.

- Identify their most relevant needs and
expectations.
- Determine which needs and expectations
are or can become legal and other
requirements.
EXAMPLES OF INTERESTED PARTIES
▪ Workers;
▪ Authorities;
▪ Local community;
▪ Subcontractors and suppliers;
▪ Customers;
▪ Unions and worker organizations;
▪ Non-governmental organizations;
▪ Parent organizations;
▪ Shareholders;
▪ Medical and emergency services;
▪ OH&S organizations ….
ISO 45001:2018
4.3. Determining the scope of the OH&S
management system
THE SCOPE
Scope = boundaries and applicability of the OH&S management system.
The scope can cover all activities and locations or only some.
Needs to be documented.
The scope can change in time.

vs
ISO 45001:2018
5.1. Leadership and commitment
TOP MANAGEMENT INVOLVEMENT

Top management is required to:

- Take responsibility and accountability for

prevention of injuries and ill health;
▪ 2,5 million deaths/
- Formulate year due
the OH&S to and objectives;
policy
work related health
- Integrate accidents orsafety in business
and
diseases
processes;
▪ 374 million work-related
- Communicate injuries
and drive awareness;
and diseases/ year
- Encourage and support others to demonstrate
leadership.
ISO 45001:2018
5.2. OH&S Policy
OH&S POLICY
▪ Commitment to provide safe and
healthy working conditions;
▪ Commitment to fulfill legal and
other requirements;
▪ Commitment to eliminate
hazards and reduce risks;

▪ Commitment for continual improvement;

▪ Commitment for consultation and participation of
workers.
OH&S POLICY
 Appropriate to the purpose, the size and context of
the company
 Specific to the nature of the OH&S risks and
opportunities
 Clear, simple and easy to understand
 Documented
 Communicated internally
 Available to interested parties as appropriate
 Relevant
ISO 45001:2018
5.3. Organizational roles, responsibilities and
authorities
ROLES, RESPONSIBILITIES,
AUTHORITIES
Top management should ensure that responsibilities
and authorities for relevant roles are assigned,
communicated and maintained as documented
information.

Workers at all levels shall assume responsibility for

health and safety aspects under their control.
 ROLES, RESPONSIBILITIES,
AUTHORITIES

Top management has overall responsibility for OH&S

but
Every individual has to take account of his own health and
safety and the health and safety of others
ROLES, RESPONSIBILITIES,
AUTHORITIES
One or several individuals – responsible for the
OH&S management system
(ensure the OH&S system conforms to requirements
and report on performance)
ISO 45001:2018
5.4. Consultation and participation of workers
CONSULTATION AND
PARTICIPATION
The organization is required to establish,
implement and maintain processes for the
consultation and participation of workers at all
levels and functions.
- Define mechanisms, provide time, training
and resources
- Provide clear and understandable
information
- Remove barriers and obstacles
CONSULTATION AND
PARTICIPATION
Consultation of non-managerial workers:

- Determining needs and expectations of interested parties;

- Establishing the OH&S policy;
- Assigning organizational roles, responsibilities and authorities;
- Determining how to fulfill legal requirements;
- Establishing OH&S objectives and plans for achievement;
- Determining controls for outsourcing, procurement and
contractors;
- Determining what needs to be monitored, measured and
evaluated;
- Planning, establishing and implementing the internal audit
programme;
- Ensuring continual improvement.
CONSULTATION AND
PARTICIPATION
Participation of non-managerial workers: Big focus on consultation
and participation of
- Determining the mechanisms for consultation and workers in ISO 45001
participation;
- Identifying OH&S hazards, determining risks and
opportunities;
- Determining competence requirements, training needs
and evaluating training;
- Determining what and how needs to be communicated;
- Defining controls to address OH&S risks;
- Investigating incidents, nonconformities and defining
corrective actions.
CHAPTER 5 – LEADERSHIP AND
WORKER PARTICIPATION
Top management needs to:
 demonstrate leadership and commitment for the
OH&S management system
 ensure the OH&S policy is established and
communicated
 assign and communicate OH&S responsibilities and
authorities for relevant roles
 establish effective processes for the communication
and participation of workers
ISO 45001:2018
6.1. Actions to address risks and opportunities
 Determine and assess OH&S risks and
opportunities but also other risks and
opportunities (related to the establishment,
implementation, operation and maintenance of
the management system)
ISO 45001:2018
6.1.2.1. Hazard identification
HAZARD & RISK

Hazard – a source with the

potential to cause injury and ill
health

Risk – the chance that a hazard will

actually cause harm to somebody
HAZARD IDENTIFICATION

The organization shall establish, implement

and maintain an ongoing and proactive
process for hazard identification.
 HAZARD IDENTIFICATION
Hazards:
 Physical (related to environmental factors)
 Chemical (refer to chemical substances)
 Biological
 Psychosocial (usually about stress inducing situations)
 Mechanical (related to machinery and equipment)
 Electrical (related to electricity)
HAZARD IDENTIFICATION
Aspects to take into consideration:

 How work is organized

 Social factors
 Routine and non-routine activities
 Infrastructure, equipment, materials …
 Design of work areas
 Physical conditions
 Situations or conditions outside the workplace
 Health and safety incidents
 People with access to the workplace
 Emergency situations
 Human behavior
 Workers in other locations
 HAZARD IDENTIFICATION
Methods:
 Observation
 Discussions 4 categories:
 Review of documents
 Equipment
 Work task
 Work environment
 Worker
*EHS Guidelines (International Finance Corporation)
HAZARD IDENTIFICATION
Hazard identification shall keep up with changes
and knowledge
ISO 45001:2018
Assessment of risks and opportunities
RISK ASSESSMENT

The organization shall establish, implement and

maintain a process to assess the OH&S risks from
the hazards identified as well as the other risks
related to the management system
RISK ASSESSMENT

RISK = SEVERITY x PROBABILITY (x EXPOSURE)

Probability
Severity
High (3) Medium (2) Low (1)
Major (3) 9 6 3
Serious (2) 6 4 2
Slight (1) 3 2 1
OTHER RISKS

Examples:
- no visible support from top management;
- lack of motivation;
- not enough resources;
- no enough trained personnel;
- too complicated management system…
OPPORTUNITY ASSESSMENT

Criteria:
- Resources required;
- Potential benefits;
- Ease of implementation…
ISO 45001:2018
6.1.3. Determination of legal requirements
and other requirements
LEGAL & OTHER REQUIREMENTS
The organization has to establish, implement and
maintain a process for:
- Identifying and providing access to legal and other
requirements
- Determining how requirements apply and what
needs to be communicated
- Take the requirements in consideration in the OH&S
management system
- Retain documented information
LEGAL & OTHER REQUIREMENTS
Legal requirements: legislation, directives, orders,
authorizations, permits, licenses, court decisions,
collective bargaining agreements ….
Other requirements: agreements with partners, OH&S
initiatives, public commitments, agreements with
customers or suppliers, agreements with parent
organization…
ISO 45001:2018
6.2. OH&S Objectives and planning to achieve
them
OH&S OBJECTIVES

The organization shall establish objectives at

relevant functions and levels, in order to maintain
and continually improve the OH&S management
system and OH&S performance.
OH&S OBJECTIVES
- Take into account risks and opportunities
and results of worker consultation;
- Be measurable (as possible);
Strategic
- Be consistent with the OH&S policy;
- Be monitored for achievement;
- Be updated as appropriate; Tactical
- Be communicated.
Operational
PLANNING TO ACHIEVE OBJECTIVES
- What will be done;
- What resources are required;
- Who is responsible;
- When the objectives will be completed;
- How results are evaluated
- How the actions to achieve objectives will be integrated in the
business processes

… documented information on objectives and the

plans for their achievement
CHAPTER 6 - PLANNING
- Determine risks and opportunities
- Process for hazard identification (ongoing and
proactive)
- Assessment of risks and opportunities
according to a methodology
- Identification of legal and other requirements
applicable
- Setting OH&S objectives and planning for their
achievement
ISO 45001:2018
7.1. Resources. 7.2. Competence.
7.3. Awareness
RESOURCES
The organization has to determine and provide the resources
needed for the establishment, implementation, maintenance and
continual improvement of its OH&S management system
 COMPETENCE
The organization has to:
- determine the competence needed for
workers that can affect OH&S performance Competence = ability to
apply knowledge and skills
- ensure workers do have required to achieve intended results
competence
- take actions to help acquire needed
competence and evaluate the effectiveness
of those actions
 COMPETENCE
Competence requirements depend on: duties, work environment,
OH&S hazards and risks, controls, legal requirements, potential
consequences of non-compliance …

Fill the gap Training

between Mentoring
existing and
required Recruiting
competence Changing responsibilities

Evaluate effectiveness and

retain documented information
 AWARENESS
Workers should be aware of:
- OH&S risks and controls;
- OH&S policy and objectives;
- Personal contribution to the OH&S management system;
- Consequences of not complying to requirements;
- OH&S incidents and outcomes of investigations;
- Remove from dangerous situations.
 AWARENESS
Awareness methods:
- training;
- health and safety campaigns;
- newsletters and bulletins;
- incentive programs and rewards ….

Awareness also for visitors,

contractors, interested parties….
ISO 45001:2018
7.4. Communication
INTERNAL & EXTERNAL
COMMUNICATION
The organization needs to establish processes for internal and
external communication.
- On what?
- When?
- With whom?
- How?
INTERNAL COMMUNICATION
Internal communication:
- OH&S hazards and risks
- Controls implemented
- Legal and other requirements Internal communication should be a
2-way process
- Results of incident investigation
- Changes
- OH&S performance…
EXTERNAL COMMUNICATION

Respond to communications from

outside
+
Provide information according to
legislation and internal regulations

… documented information as evidence

of communication (in any form)
ISO 45001:2018
7.5. Documented information
DOCUMENTED INFORMATION
Documented information is required to support
the OH&S management system.

“maintain” = documents
“retain” = records

How much documentation?

…It depends
DOCUMENTED INFORMATION
Risks & Opportunities
Scope OH&S Policy + methodology for
assessment

Legal and other OH&S Objectives Evidence of

requirements and plans competence

Planning and
Evidence of Operational planning
response to
communication and control
emergencies

Monitoring,
Compliance
measurement, analysis Internal audits
and evaluation evaluation

OH&S incidents,
Management + documentation
nonconformities,
review corrective actions considered necessary
CREATING AND UPDATING
Identification and description (title, author,
reference number, code …)
Appropriate format (language, graphic
elements…)
Appropriate media (paper, electronic)

New or revised documents have to be reviewed

and approved for suitability and adequacy
before issue
CONTROL OF DOCUMENTED
INFORMATION
Distribution, access, retrieval and use
Storage and preservation
Control of changes
Retention and disposition

External origin documents –

identification and controlled distribution
CHAPTER 7 - SUPPORT
- Resources for the OH&S management system
have to be available
- Determine needed competence and act to fill
the gap between existing and required
competence
- Ensure the awareness of workers
- Establish, implement and maintain effective
communication processes
- Documented information that supports the
OH&S management system shall be controlled
ISO 45001:2018
8.1. Operational planning and control
OPERATIONAL CONTROLS

Purpose: eliminate health & safety

hazards, or if not possible, reduce the risks
as low as reasonably practicable.
HIERARCHY OF OH&S CONTROLS
Elimination

Substitution

Engineering
Effectiveness

controls

Administrative
controls

Personal
protective
equipment
OPERATIONAL CONTROLS

Personal protective
equipment (PPE) should not
be the first option
OPERATIONAL CONTROLS

https://www.ifc.org/wps/wcm/connect/topics_ext_content/ifc_
external_corporate_site/sustainability-at-ifc/policies-
standards/ehs-guidelines
CHANGE MANAGEMENT

Review planned changes before

implementation

Review consequences of unintended

changes
ISO 45001:2018
8.1.4. Procurement
 PROCUREMENT

The organization shall establish, implement and

maintain a process(es) to control the procurement
of products and services
PROCUREMENT
Using contractors does not transfer
responsibility for OH&S

The organization has to verify the capability of

its subcontractors (e.g. competence, training,
resources, equipment, work preparation,
experience, procedures, plans, management
system …)
Coordination with contractors
 CONTRACTING VS. OUTSOURCING

Contracting - usually refers to hiring an outside company to do a

specific job that cannot be handled internally (i.e. cleaning,
maintenance, etc)
(activities outside the OH&S management system scope)

Outsourcing - functions and processes that can be performed

internally, but the company decides to outsource to external
parties
(activities inside the OH&S management system scope)
 CONTROLS FOR OUTSOURCING

▪ Contractual requirements
▪ Audits and inspections by or on behalf of the
organization
▪ Setting and following KPIs
▪ Experience and qualifications of the external provider
▪ Requests to provide documented information, etc
ISO 45001:2018
8.2. Emergency preparedness & response
EMERGENCY PREPAREDNESS
AND RESPONSE
The organization shall establish, implement and maintain
a process(es) needed to prepare for and respond to
potential emergency situations
EMERGENCY PREPAREDNESS
AND RESPONSE
Identification of emergency situations (natural disasters, technical
emergencies, man-made disasters, etc)
(fire, flood, explosions, gas emissions, landslides, civil unrest,
terrorism, equipment failure, etc)
PLANS FOR EMERGENCY
SITUATIONS
Develop plans for emergency situations aimed at limiting the impact,
protecting the life and health of individuals and providing first aid.
Plans should include:

- who coordinates the response

- who to contact
- materials and equipment
- emergency exits
- storage of hazardous substances
- how to limit the impact
TRAINING, COMMUNICATION
AND TESTING OF PLANS
The response in case of a real emergency should
be effective from the first time.

- Train staff
- Communicate to contractors, visitors, others
- Test plans and evaluate response
- Improve plans
+ maintain and retain documented information
RECAPITULATION – CHAPTER 8
- OPERATION
 Operational planning and control – control
operations to eliminate OH&S hazards and, where not
possible, reduce risks (+ control changes)
 Control procurement of products and services +
contractors and outsourcing
 Prepare for emergency situations and test the plans
periodically
ISO 45001:2018
9.1. Monitoring, measurement, analysis and
performance evaluation
MONITORING, MEASUREMENT,
ANALYSIS
The organization shall define a process that details:
- What needs to be monitored and measured
- Methods for measuring, monitoring, analysis and
performance evaluation
- Criteria to evaluate performance
- When to measure and monitor
- When the results from monitoring and measuring will be
analyzed, evaluated and communicated
WHAT TO MONITOR AND
MEASURE?
- The extent to which legal and other
requirements are fulfilled
- Activities and operations related to identified
hazards, risks and opportunities
- The progress towards achieving the OH&S
objectives
- Effectiveness of operational controls
KPI – KEY PERFORMANCE
INDICATORS
Examples:
▪ Number of work related accidents
▪ Percentage of workers that received OH&S training
▪ Number of work hours lost due to injury or illness
▪ Days since last work related accident
▪ Number of complaints
▪ Costs associated to OH&S related activities
▪ Number of nonconformities
▪ Number of corrective actions implemented
successfully
▪ Number of observed unsafe behavior cases
▪ Number of early retirements
KPI – KEY PERFORMANCE
INDICATORS
Examples:
LTIFR (Lost Time Injury Frequency Rate)

No. of injuries for a period

X 200.000
Total hours worked

Severity Rate

No. of work days lost due to injury or illness

X 200.000
Total number of hours worked
 PERFORMANCE EVALUATION

Criteria for performance evaluation:

Industry statistics;
Benchmarking;
Past performance ….

If equipment is used it needs to be

calibrated and/ or verified as required

Documented information (results of monitoring,

measurement, analysis and evaluation +
calibration/ verification of equipment
ISO 45001:2018
9.1.2. Evaluation of compliance
COMPLIANCE EVALUATION
The organization shall establish, implement and maintain a process for
evaluating compliance with legal requirements and other requirements.

- Determine frequency and methods

- Take action in response to the results
- Maintain knowledge and
understanding of compliance status
- Retain documented information
COMPLIANCE EVALUATION
Can be done by internal or contracted personnel.
Can be integrated with other standards ISO 14001, ISO 50001 …

Frequency – decided by the

organization (linked to changes, results of
past evaluations, importance of requirements)

Documented information: checklist

+ report
ISO 45001:2018
9.2. Internal audit
INTERNAL AUDIT
The purpose of internal audits is to ensure that the OH&S
management system conforms to requirements, is effectively
implemented and maintained

Internal audit programme –

the planning of internal audits
for a given period of time
(usually one year)
AUDIT TEAM

- One or several auditors

- Internal or external
- Competent (knowledge of ISO 45001 +
understand the OH&S hazards and risks of the
organization)

- Independent
 AUDIT DOCUMENTS
⃝ Audit plan: audit objectives; audit scope; audit criteria;
schedule of audit activities
⃝ Checklists
⃝ Audit report – summarizing the results of the audit

Audit results –
communicated to top
management, workers
and other interested
parties
 INTERNAL AUDIT
ISO 19011:2011 – Guidelines for auditing management
systems

www.iso.org
ISO 45001:2018
9.3. Management review
MANAGEMENT REVIEW
Meeting with the purpose to ensure that the OH&S
management system continues to be suitable,
adequate and effective.

Management review
meetings – at planned
intervals
 INPUT ELEMENTS
Topics for the management review:

- Status of actions from previous meetings

- Changes in internal and external issues
- Extent to which OH&S policy and objectives have been
met
- Information on the OH&S management system
- Adequacy of resources
- Communication(s) with interested parties
- Opportunities for improvement…
 OUTPUT ELEMENTS
Outputs from the management review include
decisions related to: Relevant outputs shall be
communicated to workers
and worker representatives
- The suitability, adequacy, effectiveness of the OH&S
management system
- Opportunities for improvement
- Need for changes
Documented information
- Resources required
- Actions to be taken
- Opportunities to improve the integration with other
business processes
- Implications for the strategic direction of the
company…
 RECAPITULATION – CHAPTER 9
- PERFORMANCE EVALUATION
 Monitoring, measurement, analysis and evaluation – to
ensure the OH&S management system is effective and
achieves intended results.
 Evaluation of compliance – the company needs to
evaluate its compliance with legal and other requirements
 Internal audits – performed at planned intervals
 Management review meetings – to ensure the OH&S
management system continues to be suitable, adequate
and effective
Next Chapter (10) – Improvement
ISO 45001:2018
10.2. Incident, nonconformity and corrective
action
MANAGEMENT OF INCIDENTS
AND NONCONFORMITIES
The organization shall establish, implement and maintain a
process(es) for reporting, investigating and taking action on
incidents and nonconformities.

Nonconformity Incident
Occurrence arising out of, or
Non-fulfillment of a in the course of work that
requirement could or does result in injury
and ill health

Work accident = incident with injury or ill health

“Near–miss” (“close-call” or “near-hit”) – incident
without injury or ill health
MANAGEMENT OF INCIDENTS
AND NONCONFORMITIES
Actions in case of incident or nonconformity:

- React in time (to control the situation and deal with

consequences)
- Investigate (to identify causes)
- Implement corrective actions (to prevent re-
occurrence)
- Retain documented information (nature of incidents
and nonconformities; actions taken their
effectiveness)
- Communicate results of investigation (to workers,
worker representatives, other interested parties)
ISO 45001:2018
10.3. Continual improvement
CONTINUAL IMPROVEMENT
- Promote a culture that values OH&S;
- Promote consultation and participation of workers
- Improve knowledge
- Participate in OH&S projects, groups, forums;
- Improve communication
- Adopt new technology, materials;
- Automate processes the reduce human error …..

Sources: audit results, worker suggestions,

benchmarking, brainstorming, literature,
monitoring and measuring results, etc
ISO 45001:2018
Key changes compared to OHSAS 18001
 ISO 45001 VS OHSAS 18001

ISO 45001:2018 OHSAS 18001:2007

International Standard British Standard
High Level Structure - facilitates
integration with other MS standards
(e.g. ISO 9001, ISO 14001 …)
ISO 45001 VS OHSAS 18001

New concepts and requirements (compared to OHSAS 18001)

- Context of the organization
- Actions to address risks and opportunities
- Opportunities as a concept
ISO 45001 VS OHSAS 18001

Changes (compared to OHSAS 18001)

Documents and records become “documented information”
No specific requirement for a management representative
Specific requirements for contractors and outsourcing
Preventive actions no longer present
ISO 45001 VS OHSAS 18001

Key aspects in ISO 45001

Leadership and commitment of top management
Worker consultation and participation
ISO 45001:2018
Certification of the OH&S Management
System to ISO 45001
MANAGEMENT SYSTEM
CERTIFICATION
Certification = confirmation from a third party that the OH&S
management system conforms to the requirements of ISO 45001.

- Initial certification audit – Stage 1 and Stage 2

- Certification cycle – 3 years with 2 planned
surveillance audits
- Recertification audit – in the third year
- Accreditation – attestation that a certification
body meets requirements for conducting audit
and certification activities
MIGRATION FROM OHSAS 18001
TO ISO 45001
3-year migration period (until March 2021)

Steps for migration:

- Become familiar with ISO 45001 requirements
- Gap analysis
- Update OH&S management system
- Perform at least one internal audit and one
management review
- Discuss arrangement with the certification body
ISO 45001:2018
Source: www.iso.org