Smoothing the transition to ISO 45001

ISO45001 Transition Gap Analysis Tool

15 March 2021 | Guidance and reference source for making the transition to ISO 45001.

ISO 45001 is an international standard that specifies requirements for an OHSMS (Occupational Health & Safety Management System). It aims to enable organizations to better manage their OHS risks and improve their OHS performance. Above all, a management system based on its requirements can help to ensure that workers are healthier and safer, while sustaining financial viability / profitability at the same time. ISO 45001 is intended to be applicable to any organization - regardless of its size, type or nature.

ISO 45001 is the first, certifiable ISO (International Standards Organisation) standard for an OHS management system. Previously, organizations have based their systems on national standards such as AS/NZS 4801 or the widely adopted BS/OHSAS 18001.

While a number of organizations have already made the transition, there are still many yet to do so. So, if your management system is based on one of those earlier standards and you're looking to transition to ISO 45001, this document is for you.

The table below illustrates the clause structure of ISO 45001 in the context of the PDCA cycle – starting at clause 4 (that's the first clause specifying a requirement).

PDCA Cycle

ISO 45001 Clause 4: Context of the organization

4.1 Understanding the organization and its context.

4.2 Understanding the needs and expectations of workers and other interested parties.

4.3 Determining the scope of the OH&S management system.

4.4 OH&S management system.

There were general requirements in earlier standards relating to the scope of the OHS management system, but this clause is essentially new. It's one of the main events in the transition to ISO 45001. In particular, it introduces requirements to understand the context of the organization and its interested parties. It suggests a strong correlation between the management system and wider business planning activities.

ISO 45001 Clause 5: Leadership and worker participation

5.1 Leadership and commitment.

5.2 Policy.

5.3 Organizational roles, responsibilities and authorities.

5.4 Consultation and participation of workers

The most closely related clauses in earlier OHS management system standards, include:
AS/NZS 4801:2001 & OHSAS 18001:2007 - Clause 4.4.1 RESOURCES, ROLES, RESPONSIBILITY, ACCOUNTABILITY & AUTHORITY.

The most significant changes for ISO 45001 can be summarised as:

  • 5.1 Leadership and commitment.
    Greater emphasis is placed on the role of top management. There are requirements for top management to demonstrate leadership and commitment and be accountable for the effectiveness of the OHSMS. This suggests that a more hands-on approach is expected.
  • 5.2 OHS policy.
    ISO 45001 includes additional commitments to providing safe and healthy working conditions for the prevention of work-related injury and ill-health, to eliminating hazards and reducing OH&S risks, and to consultation with and participation of workers, and workers representatives (if any). A requirement is introduced that the policy is appropriate to the context of the organization.
  • 5.3 Organizational roles, responsibilities and authorities.
    The requirement for a specific management representative for OHS is no longer specified.
  • 5.4 Consultation and participation of workers.
    ISO 45001 includes more detailed requirements - such as to provide time, training and resources. There are now specific requirements to ensure that information is clear and understandable, and to remove obstacles to worker participation - such as language barriers.

ISO 45001 Clause 6: Planning

6.1 Actions to address risks and opportunities.

6.2 OH&S objectives and planning to achieve them.

OHS management system standards have always included requirements for planning. Related clauses in earlier OHS management system standards include:

  • AS/NZS 4801:2001 Clause 4.3.1 Planning identification of hazards, hazard / risk assessment and control of hazards / risks, 4.3.3 Objectives and targets, and clause 4.4.6 Hazard identification, hazard / risk assessment and control of hazards / risks.
  • OHSAS 18001 Clause 4.3.1 Planning for hazard identification, risk assessment and risk control, clause 4.3.3 Objectives and programme(s) and clause 4.4.6 Operational Control.

The most significant changes for ISO 45001 can be summarised as:

ISO 45001 requires the maintenance of documented information on Risks / Opportunities and the processes and actions needed to determine them.

The "Planning" clause in earlier standards usually included a section on "Legal and other requirements". While that remains in ISO 45001 clause 6, it perhaps reinforces the previous references to the (legal) context of the organization and the needs and expectations of interested parties in clause 4.

Requirements for objective planning are tightened up. An objective should include a description of who is responsible, what is the target, when is it planned to be achieved. Progress must be monitored. Objectives must be set for relevant processes. Your organization must consider how the action(s) it takes to realize its objectives can be integrated into its business processes.

ISO 45001 Clause 7: Support

7.1 Resources.

7.2 Competence.

7.3 Awareness.

7.4 Communication.

7.5 Documented information.

Clause 7 in ISO 45001 broadly equates to various requirements from clause 4.4 - Implementation and operation in older standards such as BS OHSAS 18001 and AS/NZS 4801. In addition, there are a number of changes and enhanced requirements. These include:

  • There is a clarification of the scope of application to 'workers'. That means we need to consider not just direct employees but others such as volunteers, contract workers, or anyone that needs to be at the workplace.
  • Requirements for communication (in clause 7.4) are considerably reworded and expanded Interestingly, there is a new requirement to ensure that the information communicated is consistent with that generated within the OHSMS, and is reliable. So, there should only be one version of the truth - and if an environmental communication proves to be 'unreliable' that would presumably constitute a nonconformity.
  • ISO 45001 uses the term 'documented information' to combine what was previously referred to as documents, records and document control. Documented information is part of the common terminology adopted by the latest generation if ISO management system standards. However, this is a good point to reiterate that it is not mandatory to adopt that terminology within your own management system. If the older - or some other - terminology suits you better, then that is your choice to make.
  • There are more detailed requirements for awareness - which was not so well addressed (if at all) in earlier standards.
  • There are more detailed requirements for documented information relating to both competency and awareness.
  • The requirements for control of documents information are expanded to mention issues such as confidentiality, access, and (data) integrity. This suggests an adoption of information security considerations in recognition of the increasing use of electronic documents / data.

ISO 45001 Clause 8: Operation

8.1 Operational planning and control.

8.2 Emergency preparedness and response.

This clause replaces a couple of similar clauses in earlier standards. It is divided into two sub-clauses, and their differences from earlier standards is summarised as:

8.1 Operational planning and control.
This clause is considerably reworded and expanded from the equivalent clause 4.4.6 in earlier standards. It includes sub-clauses with specific requirements to control different aspects of procurement. This reflects the global trend towards outsourcing. In addition, there have been some subtle changes to the hierarchy of controls for the elimination of hazards and reduction of OHS risks. Management of change is also considered here. Where an organization operates in a multi-employer workplace, there is a requirement to co-ordinate with the other organizations on the site.

8.2 Emergency preparedness and response.
This is broadly similar to the requirements of clause 4.4.7 in earlier standards, but has more specific requirements for planning, communication, training, and documented information.

ISO 45001 Clause 9: Performance evaluation

9.1 Monitoring, measurement, analysis and performance evaluation.
9.2 Internal audit.
9.3 Management review.

This clause largely equates to components of Checking and Management review clauses in earlier standards. However, there are some additional requirements. Notably, ISO 45001 requires organizations to evaluate their compliance with legal and other requirements and to retain the results of that evaluation as documented information (records). There are also expanded requirements for management review inputs or agenda.

ISO 45001 Clause 10: Improvement

10.1 General

10.2 Incident, nonconformity and corrective action.

10.3 Continual improvement.

This clause relates to clause 4.5.3 in earlier standards (including the lengthy titled "Incident investigation, Nonconformity, Corrective action and Preventive action" from OHSAS 18001. Notable changes include:

  • Specific reference to preventive action in older standards has been removed. The concept of identifying potential problems and taking action to prevent them from occurring is widespread throughout ISO 45001. However, it is referred to in terms of risk. The new clause 6.1 Actions to address risk and opportunities is particularly relevant.
  • The standard now includes additional requirements for determining opprtunities for improvement.
  • The standard now includes new requirements for continual improvement of the OHSMS.
  • The clause structure is laid out differently.
  • When reviewing incidents and nonconformities to evaluate whether corrective action is warranted, it must be done with the appropriate consultation and participation of workers and involvement of other relevant interested parties.

 Your next step in the transition to ISO 45001?

The first step in developing or updating a management system is to identify any gaps between what is currently in place, and the new requirements. This is known as a Gap Analysis. Qudos has successfully provided Gap Analysis services to a wide range of clients over many years. This service is available to help your organization transition to ISO 45001 standard. An experienced lead auditor will review your current management system and interview key personnel involved in relevant areas of your organization. Including:

  • Existing documents / methods of managing work processes
  • The requirements of the new standard in the context of your operations
  • The gaps between existing arrangements and those requirements
  • A strategy to eliminate those gaps and update the system with a process and risk management approach

A report will be provided with a detailed a gap analysis against the standard - together with possible options to address any gaps identified. This may be used as a dynamic tool in the development of your system.

The Qudos Gap Analysis service also offers two unique advantages.

  1. Complimentary membership to Qudos Club – the extensive online resource library for Quality, OHS, Environment, and Information Security management. Packed with guidance material and template documents, Qudos Club offers a powerful solution to developing, expanding, or just updating your system.
  2. $600 discount on a new Qudos 3 IMS Software installation. Qudos 3 IMS Software is the all-inclusive solution for operating your management system - offering an absolutely unrivalled combination of functionality and features for long-term efficiency and effectiveness.

Contact us now to discuss how we can help with your transition to ISO 45001.

Qudos 3 IMS software for a Faster, Better, Smarter Management System.

Qudos 3 IMS software
Qudos3_Injury_Pie_Chart
Qudos3_OHS_Actions_List