An Occupational Health and Safety Management System (OHSMS) is a fundamental part of an organization's risk management strategy. Implementing an OHSMS enables an organization to:
- Protect its workforce and others under its control
- Comply with legal requirements
- Facilitate continual improvement
ISO 45001 is the internationally recognized standard for an OHSMS. While it shares some content and requirements with its predecessor, OHSAS 18001, the ISO 45001 standard adopts the Annex SL top-level framework of all new and revised ISO management system standards.
ISO 45001 can be aligned with other management systems standards, such as ISO 9001:2015 and ISO 14001:2015. ISO 45001 was published in March 2018.
Below are key requirements and differences from OHSAS 18001.
ISO 45001 Standard – Key Areas and Organization Context
ISO 45001 places a strong focus on an organization’s context. It requires the organization to consider what stakeholders expect from it in terms of occupational health and safety management. The organization must determine which interested parties are relevant to its OHSMS and also determine the relevant requirements of those interested parties.
The intent of ISO 45001 is to provide an organization with a high-level understanding of the important issues that can affect it either positively or negatively and how it manages its occupational health and safety responsibilities towards its workers.
Issues of interest are those that affect the organization’s ability to achieve its intended outcomes. These include the objectives it has set for its OHSMS, such as meeting its OHS policy commitments.
Top management must now demonstrate its involvement and engagement with the OHSMS through direct participation, taking OHS performance into account in strategic planning.
Top management must also contribute to the effectiveness of the OHSMS by playing an active role in directing, supporting and communicating with workers, and promoting and leading organizational OHSMS culture.
This new standard clearly defines the requirements for top management responsibility and accountability regarding occupational health and safety management. This is to ensure that ultimate responsibility cannot be delegated to health and safety or other managers within an organization.
Participation and Consultation
The standard requires the organization’s top management to encourage consultation with, and participation from workers and their representatives, as these are key factors in OHS Management.
Consultation implies two-way communication – dialogue and exchanges – and involves the timely provision of the information that workers and their representatives require before the organization can make a decision.
The OHS management system depends on worker participation, which enables workers to contribute to decision making regarding OHS performance and provide feedback on proposed changes.
The organization must encourage workers at all levels to report hazardous situations, so that preventive measures can be put in place and corrective action taken. Workers must also be able to report and suggest areas of improvement without fearing dismissal, disciplinary action or similar reprisals.
Risk-Based Approach to the OHSMS
Closely aligned with the focus on organizational context is the requirement to adopt a risk-based approach when developing and implementing an OHSMS. An organization must identify the risks and opportunities that it must address to ensure that the OHSMS can achieve its intended outcomes.
These risks and opportunities include those relevant to, or determined by its organizational context. The organization must plan actions that address these risks and opportunities, implement them into its OHSMS processes and evaluate the effectiveness of these actions.
The standard requires an organization to ensure that outsourced processes affecting its OHSMS are defined and controlled. When outsourced products and/or services supplied are under the control of the organization, supplier and contractor risk must be managed effectively.
The term "documented information" is used instead of "documents and records", which was present in OHSAS 18001. Evidence from processed information not held in a formal document system, such as electronic information held on smart phones and tablets, is now accepted.
Migrating from OHSAS 18001 to ISO 45001
The deadline for the migration from accredited OHSAS 18001 certification to ISO 45001 finished on September 30, 2021. So, from now on, all organizations that have not performed the migration must apply for an initial audit against ISO 45001.