Exploring ISO 45001 compliance

In this article we will be exploring ISO 45001 compliance and how we support businesses in adhering to the clauses set out in this popular standard.

The International Organisation for Standardisation (ISO) released the ISO 45001 international standard for “Occupational Health and Safety (OH&S)” Management System in 2018. The standard replaced OHSAS 18001 and permits management system integration with other ISO standards, including ISO 9001, ISO 22301, ISO 27001 and ISO 45001.

ISO 45001 offers a framework for businesses to raise worker safety, lower hazards, and increase general wellbeing. It fits the same high-level framework as other ISO standards, such ISO 9001 and ISO 14001, and can be adopted by organisations of all sizes and in any industry. It can also be integrated into an existing management system.

Compliant has supported a range of businesses to implement ISO 45001 both as an individual management system and as part of an integrated management system.

Implementing a health and safety management system such as ISO 45001 enables an organisation to identify the key problems that may influence, the achievement of health and safety objectives.

There is no requirement to pursue ISO 45001 certification, and many businesses choose to adopt the standard’s good practice principles as a roadmap for conducting business operations in the safest possible way.

In an earlier article we explore ISO 45001 principles which may prove a helpful guide when choosing whether or not to invest in the standard.

ISO 45001 compliance

ISO 45001 compliance and the clauses within the standard:

ISO 45001 sets out the criteria for a health and safety management system. The standard covers several topics which are common across other standards. These include:


When adhering to clause 1: Scope businesses must lay out the specifications for an occupational health and safety (OH&S) management system and offer instructions for its application. These instructions must enable organisations to provide safe and healthy workplaces by proactively enhancing their OH&S performance and preventing work-related injury and illness.

The document or documents provided as evidence for this clause must show a business’ commitment to improve occupational health and safety, eliminate hazards and reduce OH&S risks, take advantage of OH&S opportunities, and address OH&S management system nonconformities related to its activities. Compliant will review what documents and processes a business already has in place and identify how this can contribute to ISO 45001 compliance.

The evidence provided for this clause should aid a company in achieving the goals set out in its OH&S management system.

Regardless of its size, nature, or activities businesses must provide evidence for this clause, taking into account elements like the environment in which the organisation operates and the requirements and expectations of its employees and other interested parties. Compliant provide a professional stakeholder analysis document that can be edited and used as evidence to support this element.

Context of the organisation

Under clause 4.1 within the standard; “The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its OH&S management system.”

The standard explains that businesses must analyse the relevant needs and expectations of workers and other interested parties and must evaluate all internal and external influencing factors. As part of the evidence to support this clause and adhere to ISO 45001 compliance, Compliant work with clients to complete:

  1. A stakeholder analysis – as explained above a professional template is provided with a list of stakeholders that can be edited accordingly;
  2. A SWOT analysis – to review and document the Strengths, Weaknesses, Opportunities and Threats for a business;
  3. A PESTLER – to review and document the Political, Economic, Sociological, Technological, Legal, Environmental and Reputational factors affecting a business.

As part of Compliant’s ongoing support package these documents are reviewed annually ahead of surveillance audits with clients to ensure they are up-to-date and accurate.

Leadership and worker participation

Under clause 5 of ISO 45001 top management must demonstrate leadership and commitment to the OH&S management system.

The standard explains that evidence must be provided to show top management as “taking overall responsibility and accountability for the prevention of work-related injury and ill health, as well as the provision of safe and healthy workplaces and activities and ensuring that the OH&S policy and related OH&S objectives are established and are compatible with the strategic direction of the organization.”

As part of this clause top management must also demonstrate effective communication of the standard, what it means for the business, who is responsible for which areas and where team members can find the health and safety policy. Compliant provide a templated communication matrix that businesses can use to effectively communicate the standard including where to find relevant documents. It is recommended that policies are displayed somewhere prominent in offices and warehouses and that the location of these policies are communicated (in an evidencable way to all relevant stakeholders).

The documents listed above as well as a “RACI” (which standards for responsible, accountable, consulted, and informed) act as evidence to support this clause. Within the RACI employees and top management are identified and provided with comprehensive details on who is responsible, accountable, consulted, and informed on operational activities within the business.

Every task needs at least one responsible party. The overall aim of this is to ensure accountability and evidence this.

All Compliant clients are provided with competency support as part of this clause including our BSI Trained Lead Auditor’s certificates.


Under clause 6 the standard explains that “When planning for the OH&S management system, the organization shall consider the issues referred to in 4.1 (context), the requirements referred to in 4.2 (interested parties) and 4.3 (the scope of its OH&S management system) and determine the risks and opportunities that need to be addressed.”

To ensure ISO 45001 compliance and that enough evidence is provided for this element of the standard Compliant provide a proven objectives, opportunities, and risks tracker. This document is reviewed with clients ahead of audits and for those ongoing support clients annually as part of our pre-surveillance work.

This is an extremely useful document that determines risks and opportunities for businesses and gives assurance that the OH&S management system can achieve its intended outcome. The aim is to proactively identify risks and hazards, reduce risks and hazards by implementing mitigating actions and promote continuous improvement. The identification of these risks and hazards must also consider emergency situations.

A RAG system is shown within our objectives, opportunities, and risks tracker to display how mitigating actions both in normal and abnormal situations can reduce risks and hazards.

As part of this clause Compliant also provide a business continuity plan and templates for change management to aid businesses undergoing any major changes.


Under clause 7 ‘Support’ “The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the OH&S management system.”

This means ensuring the competency of team members including their ability to identify hazards based on education, training and/or experience. This can be evidenced by providing staff training records and/or CVs. It is also recommended that a training matrix be developed to provide a snapshot of all staff training including renewal dates. Again, this is something that Compliant can provide a template for and work with businesses to complete.

Under this clause team members must understand their contribution to the effectiveness of the OH&S management system, including the benefits of improved OH&S performance. As such businesses must be able to provide evidence of training in relation to OH&S and evidence of communication about the management system and any relevant policies, processes or procedures.


The operational element of the standard is perhaps the area where the largest amount of evidence must be provided. Under clause 8 “The organization shall plan, implement, control and maintain the processes needed to meet requirements of the OH&S management system, and to implement the actions determined in Clause 6.”

Under this clause businesses must provide a hierarchy of controls and evidence for each of these controls. Businesses must demonstrate emergency preparedness and response. This includes establishing a planned response to emergency situations, including the provision of first aid; training for the planned response and ensuring testing and exercising of planned responses. Businesses must evaluate performance of responses and make adjustments where necessary. Compliant can make recommendations on these adjustments. Our BSI Trained Lead Auditor holds NEBOSH and supports a range of businesses with Health and Safety offering additional health and safety packages.

This section of the standard is where businesses would showcase fire documentation including fire drills, fire extinguisher maintenance evidence, fire alarm testing evidence and fire evacuation plans.

Complaint can provide templates for all of the above and make recommendations for partners to provide servicing. All of which will ensure ISO 45001 compliance.

Performance evaluation

As part of any management system businesses must establish, implement, and maintain a process for monitoring, measuring and analysing performance. Under clause 9 a business must carry out internal audits and management reviews. We can support with both and we offer ongoing support clients’ internal audits and document reviews with a trained ISO auditor ahead of surveillances.

Businesses need to provide documented information as evidence of the results of monitoring, measurement and analysis of performance on the maintenance, calibration and/or verification of measuring equipment. They must also plan, establish, implement and maintain an audit programme which includes how often audits will take place, methods used, people present and responsibilities. We always recommend that clients consider the importance of the processes concerned and the results of previous audits.


Under clause 10 businesses are expected to “implement necessary actions to achieve the intended outcomes of its OH&S management system”. If an issue or nonconformity occurs, then businesses must take actions to control it. They must investigate any incidents, determine the cause, implement any actions to rectify if needed and review the success of actions taken. All of this must be effectively recorded and communicated.

Compliant supply a non-conformity log with options to record a range of issues and a process flow to explain how steps are taken to resolve any non-conformities. As part of clause10.3 “The organization shall continually improve the suitability, adequacy and effectiveness of the OH&S management system”.

What are the ISO 45001 main principles

Ensuring ISO 45001 compliance

As outlined above Compliant walk clients through the process to support ISO 45001 compliance and ensure that all elements of the standard are met. We provide templates where necessary and work with clients to create a bespoke management system using a blend of our documents and any processes or procedures that clients may already have in place.

Some of the advantages of obtaining ISO 45001 certification with Compliant include:

  • Provides evidence of adhering to health and safety regulations
  • Controls operational risk
  • Boosts stakeholder assurance
  • Protects your business
  • Improves business and a competitive edge

We have a proven track record and have helped a range of businesses in getting started with this popular ISO certification. Discover the benefits of ISO 45001 in a previous article of ours here.

HSE and compliance with health and safety law

HSE describes ISO certification as a national and international standards group that is independent of the government with ISO 45001 as an international standard for health and safety at work.

Although ISO 45001 and other management standards are not mandated by law, they can assist in offering a systematic framework for guaranteeing a safe and healthy workplace.

HSE explains that “HSE inspectors will continue to rely on a wide range of evidence and observations when assessing an organisation’s compliance with health and safety law, not just whether they claim to meet the ISO 45001 standard or not.”

Getting started with your health and safety management system

ISO 45001 enables businesses and senior management to enhance their health and safety operations. As a business with an ISO 45001 certification, you will take proactive measures to attempt and reduce the possibility of significant risks. We have helped a range of businesses to achieve ISO 45001 including Atom Water Treatment, whose full case study can be viewed here.

If you would like more information on how to get certified, we’d be happy to arrange a call to talk about your options. Alternatively, if you would like a quotation at any point just fill in our FREE quote calculator.

What are the benefits of ISO 9001?