QCS MANAGEMENT PVT. LTD.

ISO 45001:2018
OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE

Prepared
By
ALOKE GANGULY

AG
 QCS MANAGEMENT PVT. LTD.

> ISO 45001:2018

OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE

AG
2 ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION
GUIDE
 QCS MANAGEMENT PVT. LTD.

Contents
Contents
Introduction to the standard P04
Benefits of implementation P06
PDCA cycle P07
Risk based thinking / audits P08
Annex SL P09
SECTION 1: Scope P10
SECTION 2: Normative references P11
SECTION 3: Terms of definition P12
SECTION 4: Context of organization P14
SECTION 5: Leadership P16
SECTION 6: Planning P18
SECTION 7: Support P20
SECTION 8: Operation P22
SECTION 9: Performance evaluation P24
SECTION 10: Improvement P28
Get the most from your management P30
Next steps once implemented P32
How else can we assist P33

AG
QCS MANAGEMENT PVT. LTD.

SO 45001:2018 OCCUPATIONAL
ISO HEALTH&&SAFETY
OCCUPATIONAL HEALTH SAFETY IMPLEMENTATION GUIDE
IMPLEMENTATION 3
GUIDE

AG
 QCS MANAGEMENT PVT. LTD.

INTRODUCTION
TO THE STANDARD
ISO 45001:2018 is a new International to prevention of accidents and long and short term
standard which provides a framework, ill health effects. The standard provides a platform
regardless of size, activity and geographical to develop a positive safety culture leading to
worker wellbeing.
location, to manage and continuously
improve Occupational Health and Safety Once the policy framework has been put in place,
(OH&S) within the organization. along with processes to facilitate the organization’s
commitment, the standard then asks the organization
The risk-based approach standard introduces to audit, review and improve the system including
the common ‘Annex SL’ structure which assessment of compliance obligations. This
provides approach provides the organization with both
compatibility with other ISO standards including assurance and business continuity.
ISO 9001 Quality, ISO 14001 Environment and ISO
27001 Information Security management systems. Standard requirements can significantly help
the organization improve internally; by
By adopting a systematic approach including worker embedding a culture of challenge and continual
participation, the organization can integrate OH&S improvement.
within its business processes which will contribute

AG
 QCS MANAGEMENT PVT. LTD.

4
4 ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE
GUIDE

AG
QCS MANAGEMENT PVT. LTD.

AG
 QCS MANAGEMENT PVT. LTD.

A Brief history of ISO 45001

OHSAS 18001:2007 (initial This was recognised and hence the Owing to this compatibility ISO
version OHSAS 18001:1999) is need to have a systematic structure for 45001:2018 should build on all the
the predecessor to the recently the management of the activities. ISO success of OHSAS 18001 and allow the
released ISO standard ISO 45001:2018 is an ISO standard and benefits to be enhanced and potentially
45001:2018. The OHSAS standard has been designed to have greater integrated in other generic management
was recognised internationally compatibility with existing ISO standard system standards.
but it is not an ISO standard. management system revisions including
ISO 9001:2015 and ISO 14001:2015. In 2021 OHSAS 18001 will be
Over time it has become withdrawn leaving ISO 45001 the
increasingly apparent that too many It uses the same management system primary international OHS management
workers are suffering from OHS structure and reflects the requirements system standard.
related illnesses, injuries and identified by the International Labour
deaths, placing an unacceptable Organization guidance for OHS
burden on people, their families and systems. It has been developed over a
with moral and welfare costs to number of years by International bodies
society overall. and industry experts.

5
ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE

AG
 QCS MANAGEMENT PVT. LTD.

BENEFITS OF
IMPLEMENTATION
With or without a formal OH&S management system, organizations have a moral and legal
duty to protect workers from accidents and ill health. This next section provides an overview
of a selection of positive benefits from implementation of ISO 45001. These positive benefits
are not exhaustive.

risk and embed best practice resulting in increased

Adoption of the high-level structure of ‘Annex productivity.
SL’ enables organizations to integrate ISO
45001 with existing ISO 9001 Quality and
ISO14001 Environmental management
systems. This approach has reduced the
complexity of multiple clause requirements
across different standards applications, saving
time and resources.

The standard provides a systematic approach

for senior leadership to assess OH&S risk
and opportunities, monitor and review
safety performance and set objectives for
continual improvement within the ‘context’ of
organizational activities. This may include, for
example, worker health promotion campaigns
or the monitoring of the OH&S effects of
products and services provided.

Implementation is a demonstration and

commitment from senior leadership to internal
and external stakeholders (interested parties)
of the intent to protect workers from accidents
including short and long term ill health effects.
Of course, this may in-turn reduce downtime,
lead to reduction or prevention of worker loss
time hours and potential prosecution.

This commitment also provides assurances to

the Board of Directors, Trustees or owners that
management controls regarding OH&S risks
inherent within the organization.

The standard promotes worker participation

when identifying hazards, elimination or
reducing risk by implementation of controls
integrated with other business process. This
approach can improve safety culture, minimise

AG
 QCS MANAGEMENT PVT. LTD.
demonstrated within the system.
In addition to internal process
controls, the standard has Both internal and external audit programmes
provided requirements to provide scrutiny and effectiveness of the OH&S
assess procurement of products and management system including processes. The
services which may have influences programme promotes communication and
on OH&S. For example, risk based participation of workers with identification of
structured management of gaps leading to continuous improvement.
contractors. Such a process can in-
With an emphasis on workers taking an
turn provide controls to reduce both
active role in OH&S matters, this can have
OH&S risk, promote positive safety
positive benefits on an organization’s
culture and protect business.
reputation as a safe place to work leading
The standard provides a structure to to staff retention, motivation and greater
monitor and review compliance productivity.
obligations to ensure the organization
Implementation is also recognition for having
is legally compliant including products
achieved an international standard benchmark
and services. It is important for an
which may have positive influence on existing
organization to understand what it is to
and potential customers in fulfilling their own
achieve, why it needs to achieve and if
social responsibility commitments.
it has achieved – this should be

For further information on positive benefits of ISO 45001 standard implementation and its intended
outcome refer to section 1 ‘Scope’.

6
6 ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE
GUIDE

AG
 QCS MANAGEMENT PVT. LTD.

PDCA CYCLE
ISO 45001 has adopted the four stage Plan-Do-Check-Act (PDCA) cycle for achieving continual
improvement. This is an inherent part of the systematic approach to determine workable
solutions, assessing the results, and implementing ones that have been shown to work.
The PDCA cycle can be applied not only to management systems as a whole, but also to each individual element to provide
an ongoing focus on continual improvement. At the core of each stage is ‘Top Management’ who are pivotal to ensure the
OH&S system is managed effectively.

In the context of ISO 45001, refer to the following PDCA cycle:

Plan: Do: Check: Act:

Understand the context of the Implement the Monitor, measure Take actions to
organization including OH&S processes as and evaluate OH&S continually improve to
risk and opportunities. Establish planned to activities and including findings of
OH&S objectives, processes including worker processes. incidents, addressing
and resources required to participation, hazard non-conformance and
deliver results in accordance identification and audit findings.
with the organizations OH&S emergency
Policy. preparedness.

SCOPE OF THE OH&S MANAGEMENT SYSTEM (4.3/4.4)

CONTEXT OF THE
ORGANIZATION
SUPPORT &
(4)
OPERATION
(7, 8)

Plan Do
INTERNAL & INTENDED
LEADER OUTCOMES
EXTERNAL ISSUES PLANNING & WORKER PERFORMANCE OF THE
(4.1) (6) PARTICIPATION EVALUATION OH&S MS
(5) (9)

Act Check
NEEDS AND
EXPECTATIONS IMPROVEMENT
OF RELEVANT (10)
INTERESTED
PARTIES (4.2)

Establish OH&S objectives, processes and resources required to deliver results in accordance with the organizations
OH&S Policy

DO: CHECK: ACT:

Implement the processes as planned Monitor, measure and Take actions to continually improve to
to include worker participation, hazard evaluate OH&S activities including findings of incidents, addressing
identification and emergency preparedness. and processes. non-conformance and audit findings.
AG
 QCS MANAGEMENT PVT. LTD.
RISK BASED 7

THINKING/AUDITS
Any company that operates an OH&S management system must ensure there are effective
measures to evaluate performance which enables continual improvement internally. This section
outlines the different methodologies of auditing in relation to the OH&S system to ensure it is
effective at all levels of the organization and meets the requirements of the standard.

Risk Based Thinking

Risk Based Thinking (RBT) is a central tenet of ISO 45001. Walk Through Audits
RBT requires the Management Team to continually assess the A less formal approach maybe adopted in addition to the audit
issues that affect OH&S aspects of an organization and ensure plan by conducting ‘walk through’ audits. This may be conducted
that appropriate targets, resources and controls are in place. by senior leadership or at operational level to inspect areas of
RBT empowers organizations to make dynamic changes to the organization to pre-determined questions. This is a further
their objectives and focus, whilst at the same time ensuring opportunity to engage with workers, promote communication and
that resources are in place to control changes and unforeseen build a positive safety culture within the organization.
circumstances. In relation to OH&S, risk-based thinking
extends to areas outside of the organization which may
influence safety.
2nd Party - External Audits
Second party audits are usually conducted by customers or
For example, procurement of products and services (including organizations on their behalf, however they may be conducted
contractors) and the impact of supplied products and services. by regulators to ensure the organization complies with legal
The organization must determine the methodology for risk-based requirements. External audits are a useful way to substantiate
thinking with consideration of compliance obligations and the an
participation of workers. For operational aspects the standard organization OH&S claim and to gather first-hand information and
clearly defines the hierarchy of control for hazard identification contact with workers prior to commitment to a formal business
and the reduction of risks with the involvement of workers. This relationship. Second party audits may be planned; however,
methodology requires the organization to reduce risks notice may not be provided from regulators emphasising the
associated with hazards to a reasonably practicable level. requirement to ensure OH&S organizational requirements
are prepared.

1st Party - Internal Audit 3rd Party - Certification Audits

Internal audits are taken at a moment in time to determine if
policies and practices are effective and achieving the Third party audits are conducted by UKAS accredited
intended aim. The internal audit is an opportunity to engage certification bodies such as NQA in compliance of the ISO 45001
with workers and to capture a true reflection of processes. OH&S standard. Depending on the number of employees, sites,
Audits may identify positive evidence of conformity including risk and complexity of the organization, the certification body
compliance obligations, however through inspection and will determine the number of audit days required to cover the
observation they may identify improvement opportunities full scope of the standard. Prior to certification, the organization
and non-compliance in breach of the management standard. may consider a gap analysis conducted by either consultant or
certification body to identify gaps against the OH&S standard.

Audit Planning
Developing an audit plan does not have to be a complicated Certification is a demonstration to interested parties
process. Through risk based thinking a series of audits can including workers, customers and regulators that
be scheduled to focus areas of higher risk and to engage there is:
with identified groups of workers. It’s up to the organization
to determine the frequency provided it is defined. In addition • A mechanism for regular assessment to monitor
to operational aspects the plan will cover core processes and implement compliance obligations
including compliance obligations, management review and • Regular assessment to monitor and
documented information. improve OH&S processes
• Identification of hazards and reduce OH&S risk
• Regular review and assessment of OH&S risk
and opportunities
• Worker participation in the decision-making process
to ensure a safe working environment, continuous

AG
 QCS MANAGEMENT PVT. LTD.
improvement and safety culture

AG
 QCS MANAGEMENT PVT. LTD.

ANNEX SL
Prior to the introduction of Annex SL (previously known as ISO Guide 83), organizations who
implemented ISO 9001 Quality, ISO 14001 Environmental and ISO 27001 Information Security
standards had difficulty integrating management systems. Based on different clause structures
and terms of definition, the absence of Annex SL could lead to potential gaps between
management systems an unnecessary burden on resources. The introduction of Annex SL
including ISO 45001 has enabled multiple standards to adopt the same high-level structure to
harmonise 10 core clauses, making it easier to integrate common management standards.

High Level Structure The first three clauses provide a background to the standard with
useful information including terms of definition. The rationale of
Annex SL consists of 10 ‘Context of the Organization’ (clause 4) is that the system focuses on
core clauses: processes and requirements needed to achieve organizational policy
objectives. This is achieved by understanding the organization and
1. Scope the context in which it operates. The Clause sets out the requirements
for the organization to define the ‘Scope’ of the system, and the
2. Normative references subsequent planning of the system.
3. Terms of definition
Clause 5 to 10 are common to all management system standards,
4. Context of organization ISO 45001 specifically relates to occupational health and safety
5. Leadership issues.
6. Planning So, whilst there is commonality, there are OH&S processes to
be established, implemented and maintained including
7. Support understanding of the policy framework, identification of
8. Emergency preparedness hazards, management control of risks and worker participation.
9. Performance evaluation A successfully deployed Annex SL enables an integrated
management system (IMS) which
10. Improvement simultaneously handles the requirements of ISO 45001, ISO 9001 and
ISO 14001. Typically, this would include a harmonised documented
information, procurement, audit and management review process
without the necessity of duplication.

Annex SL Clause Overview

PLAN DO CHECK ACT

4 intere gement Organizational to achieve them

Context of the sted sys 5 roles, 6
partie te responsibilities
organization s m Leadership and authorities Planning

4.1 4.3
Understanding Deter 6.1 Actions to
minin 5.1 Leadership
the organization address risks
g the commitment
and its context and
scop opportunities
e of
4.2 the
Understanding ISO 5.2 Policy 6.2 ISO
the needs and 4500
expectations of 45001
1
workers and objectives
mana
other 5.3 and planning

AG
 QCS MANAGEMENT PVT. LTD.
review ective action
9
7 8 10
Performance
Support Operations Improvement 10.2 Continual
evaluation
7.3 Awareness and improvement

10.1
8.1 Operational
9.2 Non
7.1 Resources planning and
7.4 Internal audit conf
control
Communication ormi
ty
and
8.2 Emergency 9.3 corr
7.2 Competence Management
preparedness

4.4 ISO 45001

system 7.5 Documented
information

AG
 QCS MANAGEMENT PVT. LTD.

SECTION 1:
SCOPE
For registration all clause requirements must be applied. This section sets the intent and
parameters within which the ISO 45001 OH&S management standard can be used to attain
its intended outcome.

The intended outcome of the OH&S management system is for the organization to:
• Provide a safe and healthy workplace(s)
• Prevent work related injury and / or ill health
• Proactively monitor and improve OH&S performance
• Eliminate hazards and minimise OH&S risks (including system deficiencies)
• Take advantage of OH&S opportunities and address management system non-conformities associated with its activities
• Fulfil legal and other requirements
• Achieve OH&S objectives
• Integrate other aspects of health and safety including worker wellness / wellbeing

This section makes it clear that the standard does not address issues such as product safety, property damage or environmental
impacts beyond the risks they present to workers and other relevant interested parties.

AG
 QCS MANAGEMENT PVT. LTD.

SECTION 2:
10

NORMATIVE
REFERENCES
Reference to ‘normative references’ are common across all management system standards
however in the case of ISO 45001 there are no normative references.

If applicable to a standard, normative references are essential

documents used for the application of the document. In other
words, the reference document is considered essential for the
application of the referenced standard.

ISO 45001 provides a bibliography with further information

including associated ISO management standards.

AG
 QCS MANAGEMENT PVT. LTD.

SECTION 3:
TERMS AND
DEFINITIONS
ISO standards are written in such a way that their meaning can be open to interpretation. As
with all standards, this interpretation can lead to confusion. To assist the user section 3 of
the standard provides prescriptive terms of definition to prevent the wrong interpretation.

It is highly recommended that persons responsible for

implementation of the standard clarify and have a clear
understanding of words described in this section. Annex A Guidance
‘Annex A’ of the standard provides useful clarification
For example, ‘worker’ may be interpreted without guidance as an of selected concepts in relation to OH&S to avoid
operator who works in a factory, when in reality a worker covers misunderstanding. Concepts including:
many different occupational aspects including agency, contractors, all
employees including Top Management and external provider staff.
• Continual
Each term is listed in accordance with the hierarchy of • Ensure
concepts reflecting the sequencing of the introduction of
the standard. • Interested party
In addition to the term or definition, notes provide further • Documented information
information and clarity.
If the organization requires the use of specific industry
If an electronic version of the standard has been purchased related terms and their meanings relative to the OH&S
the definitions are hyperlinked to other definitions so that their system, these terms can be used, however they must
interrelationships can be seen. still conform to the ISO 45001 document.

AG
QCS MANAGEMENT PVT. LTD.

AG
 QCS MANAGEMENT PVT. LTD.

ISO 45001:2018 OCCUPATIONAL HEALTH AFETY IMPLEMENTATION GUIDE 13

&S

SECTION 4:
CONTEXT OF THE
ORGANIZATION
The rationale of this clause is that the system focuses on the processes and requirements needed
to achieve the OH&S policy objectives. This can be achieved by understanding the organization and
the ‘context’ in which it operates. Clause 4 also sets out the requirements for the ‘Scope’ and the
system to be defined, and the subsequent high-level planning of the system to achieve the
objectives.

Understanding the context of the organization is

These four requirements follow a sequence:
usually conducted by senior leadership with
• In 4.1: Clarification of the strategic aims of the
information about the business and activities gathered
organization and determine any issues that could affect
at every level of the
these aims being achieved.
organization. Discussion points focus on internal and
• In 4.2: Consideration of the interested parties
external issues which have an impact on the OH&S
(Stakeholders) including workers to the organization and
system.
how they can affect how the organization operates.
Clause 4 has four sub-clauses that each set out an element of • In 4.3: Setting the scope of the OH&S Management
what is needed to define the Context of the Organization, and System from the information discussed and considered in
to design the OH&S management system. 4.1 and 4.2
• In 4.4: Laying out a design for the OH&S management
system and the high-level planning around it

Clause 4.2
Clause 4.1 Clause 4.3 Clause 4.4
Understand the needs and
Define the organization and Scope what you want to Design the sequence
expectations of workers and
what can affect it include in the system of processes
other interested parties

4.1 Understanding of the organization and context

Clause 4.1 requires the provision of a high-level understanding of key issues that can affect OH&S both positively and negatively
within the organization. Using this information will help develop an understanding of internal and external issues and the
interaction of activities to help plan and develop controls within the system.

AG
QCS MANAGEMENT PVT. LTD.

AG
 QCS MANAGEMENT PVT. LTD.
WHAT ARE INTERNAL AND EXTERNAL ISSUES?
Internal and external issues are circumstances, characteristics and changes which can positively or negatively influence
the OH&S management system. ‘Annex A’ of the standard has been developed to provide examples of internal and
external issues. Below are typical examples, however each issue will be focused on the individual organization:

External issues Internal issues

• Cultural, social, political, legal, financial, technological, • Governance, organizational structure, roles and
economic and natural surroundings including the accountabilities
environment in which the organization operates • Policies, objectives and the strategies in place to achieve
• Who the competitors are and any contractors, them
subcontractors, suppliers, partners and providers • Resources (including human), knowledge and competence
• National and international law • OH&S culture within the organization and the relationship
• Industry drivers and trends which have influence on the with workers
organization • Process for the introduction of new products, materials,
• The organization products and services and their influence services, tools, software, premises and
equipment on occupational health and safety • Working conditions

With the information that is gathered during discussions at all levels of the organization to determine context, it is
recommended this information is placed into a report. The benefit of this is it provides a cohesive explanation and a good
reference to support present and future business strategy. (For review of context refer to section 9).

AG
 QCS MANAGEMENT PVT. LTD.

4.2
Understandin
g the needs
and
expectations
of workers
and other
interested
parties
‘Interested parties’ is the
preferred term introduced by ISO
however commonly referred to as
‘Stakeholders’. Unlike other
common standards this clause
introduces
the term ‘Workers’ which is a broad
term as described in section 3 of the
standard ‘Terms and definitions’.

This section requires the

determination of, in addition to
workers, interested parties that
can influence OH&S positively
and negatively. Once it has been
decided which interested parties are
relevant and significant, their needs
and expectations within the OH&S
management system should be
addressed.

Remember when considering

interested parties, some needs and
expectations are mandatory and
incorporated into law and regulatory

4.3 Determining the scope of are engaged in the service or production of goods, including
any customer facing activity and post-delivery warranty work.
the OH&S management Where an organization is complex, the scope is used to ring-
system fence only the activities or locations where the system is
being used. This can be referred to as ‘boundaries of
From the context information gathered in 4.1 and applicability’. However, areas of the business cannot be
understanding of needs and expectations of workers and excluded from the scope to avoid OH&S processes or evade
interested parties in 4.2 the ‘scope’ can be developed. legal compliance.
The Scope sets out the areas of the business that are going When the application to NQA is made to have the system
to be managed in the OH&S Management System. audited for certification, it is necessary to declare the scope in
Usually, this will include the key processes and activities that

AG
 QCS MANAGEMENT PVT. LTD.
a statement. This will ensure that they send the correct auditor competence which will be audited.
with experience in your industry sector. For example:

‘The Manufacture and Sales of Dishwashers’ 4.4can

Interested parties OH&S management
be documented in the form ofsystem
a map:
Using this example, you can see that the main process From the information gathered in 4.1, 4.2 and 4.3 the standard
is manufacturing which will incorporate many requires the design and integration of processes within the
processes including workers, machinery, regulatory management system to satisfy the requirements of ISO 45001.
requirements, This may include such processes as design and development,
external providers, customers (end users) and procurement, marketing and manufacturing.

15
CUSTOMERS
ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION GUIDE

EMERGENCY
WORKERS
SERVICES

GEOGRAPHICAL
REGULATORS SUPPLIERS
LOCATION

CONTRACTORS 3RD
PARTIES

INSURERS

AG
 QCS MANAGEMENT PVT. LTD.

SECTION 5:
LEADERSHIP
Critical to the success of the OH&S management system is leadership and commitment
from ‘Top Management’. The expectation on leaders within an organization is to become
champions of the system and provide the necessary resources to protect workers from harm.

This section provides the tone and expectation on senior

leadership to take an active part in the OH&S system and
OH&S Policy
generation of a positive health and safety culture within the An OH&S Policy is a ‘Statement of Intent’ or ‘Mission
organization. Statement’ which sets out the framework to manage the
Occupational Health and Safety Management System.
The following are examples of how leadership can be
The OH&S policy is approved by senior leadership and
demonstrated within the OH&S management system:
will drive the controls that are in place and the actions
• Take overall responsibility and accountability for the
that are carried out to improve it.
prevention of work related injury / ill health, as well as
the provision of a safe and healthy work environment The standard specifically requires that the OH&S policy
• Facilitating positive culture and continual improvement should include commitments to:
• Ensure the OH&S system is integrated within business • Provide a framework for setting objectives
processes • Provide safe and healthy working conditions for the
• Promote communication internally and externally and at all prevention of work related injury and / or ill health
levels (cascading from the top) • Eliminate hazards and reduce OH&S risks
• Protect workers from reprisal when reporting incidents, • Continual improvement of the OH&S system
hazards, risk and opportunities • Consultation and participation of workers and where they
• Provision and support for safety committees exist worker representatives
For an external audit the expectation is for senior leadership • Fulfilment of legal and other requirements
to be at the heart of the OH&S management system with a Once the OH&S policy has been approved it must be
clear demonstration of understanding the system. communicated to stakeholders including workers. The policy
must be available to interested parties, which will include
customers and external providers on request.

In addition, periodically the OH&S policy must be reviewed by

senior leadership to ensure it remains applicable to the context
of your organization.

AG
 QCS MANAGEMENT PVT. LTD.

Organizational roles, Here is a selection of suggested methods of promoting

responsibilities and consultation and participation of workers:

authorities • Periodic meetings with senior leadership to

discuss processes including OH&S issues
This section requires the organization to define clear • Safety committee with worker
roles, responsibilities and authorities throughout the representatives (where required)
organization. It is recognised that overall responsibility • Identification and elimination of hazards (risk assessments)
for the OH&S management system falls to ‘Top • Development of training Tool Box Talks and presentations
Management’ however individuals must take account of (This may include training tools for workers outside of your
their own health and safety and that of others. organization such as visiting contractors)
• Development of Safe Systems of Work and Work Instructions
Consider documenting roles, responsibilities and authorities • Cross communication between sites within the organization
within high-level and localised organizational charts. • Near miss reporting schemes with follow up
Individual policies and work instructions may also include actions including root cause analysis
responsibility and authority however competence must be • Site tours
considered. • Open door policy to talk to a safety or HR representative
• OH&S suggestion boxes
Consultation and participation • Communication – Notice boards, newsletters, email,
blogs, health promotion campaigns
of workers Once a selection of methods of consultation and participation
A key factor for the success of an OH&S system is to ensure of workers has been chosen, consider documenting the
there are clear lines of communication, consultation and methodologies within a process. This will enable the
participation of workers with sufficient allocation of time organization to periodically check the process within your audit
and resources. This section requires the development of programme to ensure any identified requirements have
processes to ensure information that has an impact on OH&S been fulfilled.
is communicated at all levels of the organization.

This can be achieved in many different ways depending on the

scope and scale of your organization.

AG
QCS MANAGEMENT PVT. LTD.

17

AG
 QCS MANAGEMENT PVT. LTD.

SECTION 6:
PLANNING
Planning is one of the key components of any management system. ISO 45001 is based on
the ‘Plan-Do-Check-Act’ cycle, where planning is used to set the actions in motion for how
the system will work.

Planning occurs at several points in the framework for OH&S Consideration must also be given to the types of activity
management system. In order to set out the management including the following:
system planning is required using information gathered in • Groups of workers exposed to the hazard
clause 4. At various points in time there will be the need to • Shift work, hours of activity, lone working, supervision
‘plan’ again; this includes the periodic planning for achieving • Human factors including demanding physical activities
objectives that are set and reviewed, and also in the event of a • Design of the workplace, for example segregation of traffic and
‘change’ which could arise from a planned or unplanned event. pedestrian routes

The requirements are to:

• Plan the actions based on risk assessment to manage risks
and opportunities in the prevention of undesired effects
including work related injury or ill health
• Manage events and continually determine risk and
opportunities for both workers and the OH&S system
• Establish and manage objectives
• Plan and manage changes to the system and re-evaluate
once change has been made
• Consider relationships and interactions between activities
• Define a methodology for hazard identification
• Define the methodology for identification and management
of legal and other requirements
• Understand the knowledge within the organization to
manage activities safely

Hazard Identification
Hazard identification is fundamental in the planning process to
prioritise actions to address risks and opportunities. Using the
‘Hierarchy of Controls’ (see illustration opposite) the standard
requires the organization to conduct risk assessment based
on internal and external activities. Hazard identification will
enable the organization to recognise and understand hazards
in the workplace. It will also allow workers to assess, prioritise
and eliminate hazards or to reduce OH&S risks. Hazards
can appear in many different circumstances and
conditions including physical, chemical, biological,
psychosocial, physiological, mechanical, electrical, or
those based on movement and energy.

AG
 QCS MANAGEMENT PVT. LTD.
• Changes in work pattern including increase or Using the hierarchy of controls, the organization needs to
decrease in productivity determine the methodology in which the findings are
• Noise, cold, heat recorded as documented information and communicated to
• Legal requirements and mechanism to adapt to workers and other interested parties. Typically, the
changes in legal requirements competent person would conduct a risk assessment and
• How the risk assessment will be score the findings based on the likelihood of the event
communicated and subsequent worker based on the severity of harm with an applied risk score.
training of control measures This methodology would be consistently applied and be
• Emergency situations such as unplanned events based on the legal / regulatory requirement, type and
including fire and loss of power circumstances of the activity, I.e. noise, fire, vibration,
• Availability of resources to ensure hierarchy of height risk assessment etc.
controls can be applied to risk assessment findings
It is recommended that risk assessment conducted by a
competent person(s) starts at the design phase of any
Hierarchy of Controls activity and involves the workers who are or will be directly
involved in the process.
Most Effective

Physically remove
Elimination the hazard

Replace the
Substitution
hazard

Engineering Isolate people

Controls from the hazard

Administrative Change the way

Controls people work

PPE Protect the worker

with Personal
Protective
Equipment
Least Effective

AG
 QCS MANAGEMENT PVT. LTD.

£
£

Determination of legal and Planning Action

other requirements Following the hazard identification process, the organization
should plan actions in order of priority to reduce risk. These
The organization needs to be confident that during the risk
should consider the consequences of these actions before the
assessment process it is adhering to the latest applicable legal
actions are introduced. Planning actions and including the
and other requirements. The legal and other requirements
process of assessment will vary depending on the complexity
of the business.

Sources of information may be gathered in many

ways including:
• Subscription to publisher legal update newsletters
• Membership of trade associations
• Research via reputable government websites
• Use of competent consultants
• Competent employee membership of occupational health
and safety institutes
• Employee attendance of occupational health and
safety training courses

Following the initial assessment of compliance obligations, the

organization may consider placing the relevant information in a
document. A spreadsheet may be useful for this purpose.

A live document may include the following information

and be referenced within individual risk assessments:
• Name and reference number of regulation / requirement
• Revision status
• Date the regulation was last reviewed
• Competent person responsible for reviewing the requirement
• Area of the organization the requirement impacts including
a short description of activity and associated documented
information
• A hyperlink or description of the source of information
• Name and customer / external provider contact details if
relevant to ‘other requirement’
• Next review date

AG
 QCS MANAGEMENT PVT. LTD.
introduction of control measures must be within the
framework of the OH&S management system.

Control measures may be either integrated into existing

quality system work instructions or based on risk and
developed into a dedicated Safe Systems of Work. Tasks
may be delegated by senior leadership individually or as a
collective group.
Tasks will be allocated to persons based on competency
with consideration as to how any training will be delivered
to different groups of workers.

Objectives
It is a requirement of the standard to set achievable OH&S
objectives with the means to periodically measure progress,
demonstrating continuous improvement. Often objectives are
set and reviewed at management review (see clause 9.3) or
locally at departmental or committee meetings. Once set,
there must be the means to communicate objectives
throughout the organization to support and generate a
positive OH&S culture.

If many requirements have been identified the organization

may consider developing a documented Occupational Health
and Safety Strategic Plan. The plan should be agreed by
senior leadership and include risk rating tasks, in order of
priority, and the alignment with senior leadership responsible
for overseeing the task.

A strategic OH&S plan is a live document and periodically

should be reviewed to monitor progress to achieving
objectives and continuous improvement.

The document may include:

• Strategic prioritised topic
• Action, this could be conducting assessments according
to compliance obligations such as a noise assessment
• Method in which the action can be achieved
• Resources required to achieve the action. For example
human, equipment, financial and external provider
expertise
• The key performance indicator to demonstrate
achievement of the action
• General responsibility
• Top Management responsibility
• Timescale
• Risk rating (order of priority)

AG
 QCS MANAGEMENT PVT. LTD.

SECTION 7:
SUPPORT
This section looks at the requirements which underpin the OH&S management system to
ensure it runs effectively.

The diversity of activities within the organization will determine the

Resources level of training required to fulfil competence. Training gaps are usually
identified with the development of new processes, for example the
Resources will be required to fulfil the requirements identified
introduction of new machinery or in achieving compliance with
during the planning stages of the system to maintain
regulatory requirements.
continuous improvement. These include human, natural,
infrastructure (buildings, plant, equipment, utilities, emergency No matter how big or small the organization is, training records are
containment systems) technological and financial resources. essential as reference and evidence of the fulfilment of
competence. Consider an overview training matrix identifying
It is essential that allocation of resources has the full support
fulfilled training gaps including refresher training dates. In addition,
from Top Management, under the requirements of Clause 5, to
consider individual training records with signatory evidence from
drive the maintenance of a safe and healthy work environment.
the worker to acknowledge completion and understanding of
As part of identifying resources, the organization needs to look
training including hazard awareness.
at the information produced in Section 6 to acknowledge the
risk, opportunities and resulting objectives. They then need to
allocate sufficient resources to mitigate or manage them.

Competence
An organization working effectively and efficiently must
have competent workers. In terms of OH&S it is essential
that workers have access to information and have been
suitably trained to prevent accidents or ill health to
themselves and others. Competence can include
consideration for:

• Capability to fulfil the task based on defined job roles and

clear understanding of the required OH&S aspects
• Defined methods of recruitment with consideration for
temporary or agency workers
• Awareness of hazards associated with the environment and
processes
• Legal requirements
• Individual capabilities including experience, language skills,
literacy and diversity

AG
 QCS MANAGEMENT PVT. LTD.
The organization must also consider the competence H&S Policy including the requirement for individuals to protect
of external providers including the procurement of themselves and others from exposure to hazards. Awareness
contractors conducting tasks on site. The training starts before work commencement for both internal
organization’s procurement process may provide the and external workers and may include:
structure for management of external providers;
including evidence of capability, competence and on • OH&S Policy and requirements
site, this may be supported with site induction training. • Hazards associated with the environment and processes
• Means to report incidents and receive information following
Either internally or externally, the organization’s investigation
Top Management must be confident that • Means to report near misses or safety critical defects
mechanisms are in place to provide workers with • Structure of supervision
suitable and sufficient competency based OH&S • Provision of information including Safe Systems of Work or
training. Work Instructions
• Clear understanding that there are no recriminations for
Awareness reporting hazards or precautionary removal of individuals
from exposure to harm which is life threatening. This must
Awareness of the requirements of the OH&S system is be actively encouraged as part of a positive safety culture
critical to both internal and external workers. There
must be a clear understanding of the organization’s It is recommended there is evidence of awareness training.
This is outlined within the ‘competence’ section of Section 7.

AG
 QCS MANAGEMENT PVT. LTD.

Communication • Develop a document reference system within the

header or footer e.g. Maintenance Procedure No. 1 –
– internal and external MP01, Maintenance Form 01 – MF01 etc
• Identify the revision status, revision date and author
Defined channels of communication is key for the success within the document footer
of the OH&S management system. It is recommended • Use the same document control methodology for
that there is clear policy on communication endorsed by electronic documents and data
Top Management identifying the process of
communication. The organization will need to determine:

Question Examples

What will be OH&S Policy, site rules

communicated? including personal
responsibilities, hazards,
risk assessments, Work
Instructions, minutes from
committee meetings,
investigation results,
organizational structure,
performance

When Recruitment permanent

communication or temporary, induction
internally and
occurs? externally, morning
briefing, safety
committee meetings,
pending legal requirements

Who will information Workers including agency,

be communicated contractors, external
providers, product end users
to? and other interested parties

How will information Notice boards, tool box

be communicated? talks, email, website,
newsletters, supervision

Methods of controlling
Documented Information
It’s essential to have a robust but simple system of control for
documented information. This will ensure workers are always
aware of the latest requirements relating to OH&S. In support
of the latest revision of documented information there must
be the means to communicate the latest policies, practices
and work instructions. As previously indicated documented
information will come from internal and external sources.
Below are suggested means of controlling both internal and
external documented information:

Internal

AG
 QCS MANAGEMENT PVT. LTD.
chosen method with an instructional procedure with
Documented information applicable training.
As with all management systems the extent of documented
information will vary depending on the size, scope and
complexity of processes within the organization. A practical
approach to development and control of documented
information will assist in business protection as well as
providing sources of information for workers relating to hazard
identification. Consider a risk-based approach to the level of
documented information required including consideration
for literacy and language. Documented information is not restricted
to hard copy and will appear in a variety of media including
electronic format, emails and web based. Below is a selection of
the variety of documented information:

Internal / Type Use

External Sources
External Regulatory Government website instructions
and leaflets, codes of practice
External Information External Provider material safety
data sheets, certificates of
conformity
External Information External Provider machinery
installation instructions and
technical specifications
External Information Risk assessments and method
statements
External Certificates Fire system, fixed wiring service
records, liability insurance
documents
External Training Certificates of competence (Fork
Lift Truck, OH&S awareness)
Internal Training Induction presentations, tool
box talks
Internal Training Individual training records
Internal Work Safe Systems of Work
Work Instructions
Internal Inspections Evidence of maintenance and
routine inspections

• Develop a spread sheet identifying the reasons why previous

revisions have been updated
• Determine the method of issue for documented information
with consideration for recovery of pre-modified documented
information and communication
• Archive in electronic format previous revisions of
documents based on risk ensuring there is a means of
backing up and recovering data
• Determine and identify in the spread sheet the intended
document retention timescale. This may be based on
legal requirements such as insurance documentation

External
• Determine what should be communicated and
retained based on risk
• Consider scanning to reduce reliance on paper
• Maintain the integrity of archived documentation

Remember to create a simple system to use for all to

understand and access accordingly. Consider supporting the

AG
 QCS MANAGEMENT PVT. LTD.

SECTION 8:
OPERATION
Once processes within the organization have been identified (see clause 4.4) and planned,
the method in which the business will operate (see Clause 6.0), the company needs to plan
and control each process within the OH&S management system.

determined in clause 6.0, the organization will use the ‘Hierarchy of

Controls’ outlined in section 6 to eliminate or reduce hazards to the
Operational Planning and Control is the method in lowest practicable risk. It is essential that when conducting risk
which the organization determines what is required for assessment workers, including external providers, are competent.
each process and the method in which requirements On completion of risk assessment results should be communicated
are controlled to ensure workers are protected from with those workers directly affected within the operation and to aid
harm. Operational Planning and Control is achieved by the development of control measures. Workers need to be included
identifying the criteria for each process which may include: in the process of assessment and other system elements.

• The boundaries of each process and

how they interact
• What resources are required to manage the
process including leadership, equipment, time,
human (competency and training aspects) and
financial
• What documented information is required to aid
management of the process including
procedures and safe systems of work
• The method in which changes to the process are
planned and controlled including unintended
events
• Application of legal and other requirements
or manufacturer’s instructions for equipment
• Engineering controls, for example interlocked
guards and exhaust systems

The organization must also consider the adaptation of

the work environment to ensure it is suitable and
First aider Temporarily train staff in alternative
sufficient for all workers. Adaptation in broad terms
absent means of receiving first aid treatment
may be induction of new workers or ergonomically
including neighbouring businesses and
changed processes to
emergency services.
protect workers from harm and improve process efficiency.
Introduction
of a new piece
Eliminating hazards and of machinery

reducing OH&S risks

Having chosen the methodology for risk assessment

Flood within a
building
AG
Introduction of
new software
 QCS MANAGEMENT PVT. LTD.
receipt of the notification to ensure it is communicated and
Management of Change understood. Notification of change may be supported by
training and competence requirements. Change process
It is recognised that accidents can occur when
could incorporate a mechanism to assess and prevent the
processes deviate from defined established control
introduction of new hazards. Examples of events where
measures. This may include changes in competent
management of change might be necessary include but this
supervision and workers or the introduction of new
is not exhaustive:
materials, machinery and processes.

The organization must define and implement a

process which considers change throughout the
business. This may be a written policy which
accounts for different scenarios based on risk and
opportunity. The change process may be supported
by a documented system to acknowledge issue and

may consider the use of contractor selection criteria to ensure

General services are within scope of the task.
The purchase of goods and services is a requirement for any The organization must be satisfied there is a process to protect
business to function. The standard requires the organization
to put controls in place to ensure those purchased goods and Changecontractors
event (workers)
Method ofand other workers who may be exposed
management
to hazards due to their activities. During the procurement
services do not introduce hazards and expose workers to Loss ofprocess written agreements may be established between
harm including contractors. knowledgeable
the organization and contractor specifying the organizations
competent
Procurement member of staff Organization of re-training of existing
member of staff supported with an
A robust procurement process is essential to control product external provider until the employee is
and services inputs into an organization. Inputs may include competent.
raw materials for products, equipment including machinery, Appoint a Project Manager to
consumables such as cleaning products and workers coordinate implementation including
conducting maintenance as part of a service agreement. The risk assessment, instruction, training,
organization is required to develop a process which should supervision. Provision of risk
include an assessment of the impact on safety of products assessment and installation method
and services prior to purchase. This may include obtaining statement
product or material safety data from an external provider or from external provider. Development
by conducting a risk assessment. Risk assessment with an of control documents based on
external provider may be considered during activities such as manufacturers recommendations.
the purchase and installation of machinery. The assessment rules. This may be supported by risk assessments and
would identify potential hazards and suitable control measures method statements conducted by both parties with
to protect both organizational workers and contractors. communication of results.

Within the process, consider the delivery of products to It is key that necessary checks have been made to ensure
ensure they are inspected against specified requirements contractors are competent and may, in some
prior to release. Consideration must also be made to ensure circumstances, require confirmation of compliance to legal
those products and services are legally compliant. This may requirements. For example, certification to work on
be through the assessment of material safety data sheets, electrical switch gear or to work on a gas boiler.
declarations of conformity or business registration with trade
Once the procurement process has been completed it is good
associations. Personnel who are responsible for procurement
practice to support site activities with an induction programme.
must ensure they utilise competent workers to assist with
This will provide contractor workers with an understanding
assessments and to communicate safety information relating to
of the rules including any specific requirements, for example,
product or service. Health and safety information may include
site hazards, authorised areas, near miss reporting processes,
material safety data sheets, training, competence requirements
safe walking routes, emergency action plans, supervision and
and instructions for use.
required permits to work.

Contractors and Outsourcing

Many businesses use the services of contractors (external
providers) to fulfil gaps in processes and to complete tasks
requiring specialist knowledge. The standard requires the
organization to conduct an assessment on those contractors
including due diligence competency checks. The organization

AG
 QCS MANAGEMENT PVT. LTD.
Documented Information
The standard requires the organization to maintain
documented information relating to the procurement of
products and services including contractor arrangements.
Below is a list of examples of documented information
considered for retention:

• Risk assessment and method statements between the

organization and contractor
• Material safety data sheets
• Email exchanges relating to safety aspects
• Certificates of conformity – Harnesses, guarding, emergency
stops, PPE
• Contractor permits and licences
• Completed external provider questionnaires
• Worker training records

Emergency preparedness
and response
Planning for unexpected events is a good all-round
organizational discipline. The risk assessment process, for
ISO 45001 identification of hazards, may have highlighted
potential emergency situations with possible catastrophic
consequences. Therefore, it is necessary to put control
measures in place to mitigate for these potential events.

Once emergency situations have been identified, which may

involve workers at every level of the organization, a plan
needs to be formulated and tested. Check that emergency
preparedness and response have been tested within the
internal audit plan.

Testing emergency response plans are critical to raise

awareness of potential events and ensure control measures
function including supervision, individual responsibilities,
suitability of training and communication. Below are some
examples of when emergency plans will be required:

Bomb threat Raising the alarm, what to do with

Event workers – stay put or evacuate to a
Recommendation
safe area, keeping away from
Provision of Testing
windows, of controlled
first aid response,
method consider
of raising
first aid shift patterns, availability of
the alarm.
Chemical Method of raising
equipment the alarm,
and competent contacting
staff etc.
spillage the emergency services, accountability
Evacuation drill of workers, staged evacuation, changes
in building layout etc.
Raising the alarm, evacuation,
Once the plan has been tested it is important to provide containment, availability of Material
workers with feedback to learn from experience. Again, Safety Data Sheets.
there is a requirement to have suitable information and
records as documented information.

AG
 QCS MANAGEMENT PVT. LTD.

SECTION 9:
PERFORMANCE
EVALUATION
Performance evaluation is a constructive process that aims to improve an
organization’s operation and is crucial to the ‘Plan, Do, Check and Act’ model
prescribed by ISO 45001. These processes should help achieve and support
organizational strategy and goals.

Monitoring, measurement, analysis and evaluation

An organization should check, review, inspect and observe its planned activities to ensure they are occurring as intended. An
organization must make sure they have determined the appropriate processes, so they can evaluate how well they are
performing based on risk and opportunities. Monitoring generally indicates processes that can check whether something is
occurring as intended or planned.

The tables below provide examples of monitoring and specific control measures:

Event Local Exhaust Ventilation System (LEV)

Monitoring Appointed person to weekly inspect airflow of an LEV system to safely remove fumes from a process.

Measurement Use of a calibrated meter to check the airflow at two inspection locations of the system according to a
Evaluation specified Work Instruction. (Employee is trained and competent to use the equipment).

Analysis Review of recorded data determining the airflow efficiency of the system to ensure workers are safe. This may
include trends. This would be in compliance with manufacturers specifications and regulatory requirements.
The trend analysis indicates a reduction in airflow therefore maintenance is triggered to isolate and inspect the
LEV system.
Event Safe Walking Routes

Monitoring

Measurement Visual inspection to ensure there are no obstructions outside of defined safe walking routes. (Usually
Appointed person
measurement daily site with
is associated inspection of safe walking
measurement routes
equipment to ensure
to obtain they are in a condition to prevent slips,
data).
trips and falls.
Analysis Examination of results from inspections. In this case there may be a trend of equipment repeatedly left in the
same location of a Safe Walking Route.

Determination of root cause of why equipment is repeatedly left in the safe walking route. Resulting in
allocation of designated safe place for equipment away from the safe walking route.

AG
 QCS MANAGEMENT PVT. LTD.

Any equipment used to determine the measurement ‘indicator’

should be calibrated and maintained so that a high degree of
confidence is gained in the credibility of data. The standard
also requires the organization to implement a process to
evaluate legal and other compliance including:

• The frequency and method of evaluation

• If action is needed, the process in which it will be
evaluated and implemented
• Maintain knowledge and understanding of
its compliance status
• Retain documented information to support the evaluation
of legal and other requirements

In practice you may consider putting a list of

compliance obligations within a spreadsheet as
outlined under section 6 of this document. Periodically
this process should be audited within the internal audit
programme to ensure all compliance obligations have
been fulfilled. Audit results
including compliance status should be communicated to
senior leadership within the organization. Any outstanding
or pending requirements can be actioned by the leadership
team. This will ensure compliance to obligations and
reduction in risk including potential prosecution.

AG
 QCS MANAGEMENT PVT. LTD.
Internal audits must be conducted by competent staff with a
degree of impartiality to the area being audited. A risk-based
approach can be applied to areas being audited with an
increased focus on higher risk activities. Internal audits must
be planned with an expectation of each process being audited
Internal Audit in regular intervals.

In addition to planned audits, unplanned audits may be

An internal audit is a systematic method to check
conducted in reaction to problematic areas, near miss
organizational processes and requirements, as well as those
reports or incident data with focus on accident prevention.
detailed in the ISO 45001 standard. This will ensure the
processes in place are effective and the procedures are being It is beneficial to communicate audit results to applicable
adhered to. The internal audit programme will aid the interested parties including workers and set realistic
organization to achieve the OH&S objectives and targets. It completion timescales for identified ‘opportunities for
helps: improvement’ or ‘non- conformities’. Top Management must be
aware of deficiencies within the system to ensure necessary
• Monitor compliance to policy and objectives
resources can be allocated to mitigate the findings. Audit
• Provide evidence that all necessary checks are carried out
results will be reviewed as part of the management review
• Ensure all current legislative and other requirements are met
process.
• Assess the effectiveness of risk management
• Worker engagement leading to a positive safety culture
• Identify improvement using ‘fresh eyes’ to review a process Management Review
• Aid continual improvement
Management Review is an essential element of the
Occupational Health and Safety Management System. The
aim of the review
is for Top Management to assess the performance of the
management system to ensure it has been effective and
suitable for the needs of the business, ultimately preventing
injury or harm to workers. The management review is also a
planned activity to review objectives including compliance and
to set new objectives.

Usually management review meetings are conducted

annually, however many organizations conduct
management reviews every six months or quarterly to
track the performance of the system. If more frequent
meetings are conducted, often the meeting agenda is
reduced with the full agenda occurring annually.

The table on the following page provides an overview

of prescribed management review agenda
requirements:

AG
 QCS MANAGEMENT PVT. LTD.

9.3 Standard
Summary of requirement for Management Review agenda / clause reference point
reference

a)
Provide a summary of the status of actions from the output of the previous management review. This will
include completed or incomplete tasks and justifications for their status. This information can be pre-prepared
for the meeting.
b1)
Explain any changes to internal and external issues relevant to the context of the organization to ensure the
needs and expectations of interested parties including workers are fulfilled.
b2)
In addition to B1 note any changes or pending changes to legal and other requirements and actions to address
compliance obligations.
b3) If there are any differences or changes to organizational risk and opportunities, they should be noted and
explained and discussed in the section below.
c) Review whether compliance to OH&S policy and objectives have been achieved. It is good practice to place
objectives within a table, align key performance indicators to achieve them and comments if they have or have
not been achieved. This will also indicate compliance status of continual improvement.
d1) Discuss any incidents or non-conformities which have occurred since the last review period including trends.
Are there any trends and what actions have been taken to prevent re-occurrence?
d2) Determine if monitoring and measuring has been effective in meeting expectations within the organization. If
evidence suggests it has not been effective Top Management can influence improvement.
d3) Discuss the status of compliance to legal and other requirements. This may include evidence to support
compliance including the methods of determination and sources of information. Discuss any pending legal and
other requirements.
d4) Discuss results of internal audits and actions that have been taken to resolve any non-conformities. Discuss
areas of improvement and areas which are performing well.
d5) Overview of consultation of workers. This may be feedback from safety committee meetings and actions to
address risk and opportunities. Other processes to ensure workers are safe including contractor arrangements.
d6) Discuss risk and opportunities including performance of hazard identification and opportunities to mitigate
harm to workers. The organization may wish to review significant findings of risk assessments.
e) With consideration of the information discussed in previous sections are there enough resources to maintain
and continuously improve the management system. This could be human or financial. Top Management are
key to influence improvement in this area.
f) Discuss communications with interested parties, this may include regulatory authorities or external
providers who are providing materials which have an impact on safety.
g) General discussion with the provision of information how the OH&S management system is performing and
how can it continually improve in the future.

On completion of the management review meeting the stability, adequacy and effectiveness in achieving its intended
organization must decide with senior leadership and support, outcomes
what is needed to continuously improve OH&S and satisfy • Identify continual improvement opportunities
the standard. The following points outline the Management • Identify any required changes to the OH&S
Review Meeting output requirements: management system
• Identify required resources
• Provide a wide-ranging conclusion to the continuing • Identify any actions needed

AG
 QCS MANAGEMENT PVT. LTD.
• Identify any integration improvements with other business
• Any implications to the strategic direction of the business.
processes. This may be further harmonisation with ISO
This is a broad scope requirement to capture any topic to
9001 or ISO 14001 management systems
improve the OH&S management system

The organization is required to record the meeting

minutes within documented information. This information
must be communicated to the relevant interested parties
and where applicable worker representatives.

It is good practice to transfer management review objectives

into a separate document with identified key performance
indicators, expected completed timescales and delegated
responsibilities. These objectives may be communicated via
the organizations email or placed on notice boards.

AG
QCS MANAGEMENT PVT. LTD.

AG
 QCS MANAGEMENT PVT. LTD.

SECTION 10:
IMPROVEMENT
• From the results discussed in section 9 Management Review including the
analysis and evaluation of OH&S performance, internal auditing and feedback
from worker engagement
• Non-conformity and corrective action
• Incident investigation and corrective action
• Accident investigation and corrective action
• Compliance obligations including output from the introduction of new regulation

Several different methods of capturing improvement opportunities may be designed

in the system based on the structure, activities and risk within the business discussed
in section 4 and 6. The chosen methods must consider the following:

• Means of reporting including incidents to the right

groups of workers and interested parties
• The timescale of reporting
• How the information is going to be recorded
as documented information for example near
miss report cards, accident reports, defect
reports, reports to senior leadership
• Using workers to participate in investigations to
determine root cause analysis
• A structured system to prevent reoccurrence
• Hierarchy of control measures to reduce risk as
far as is reasonably practicable
• Assessment of OH&S risks prior to the introduction
of a corrective action to prevent the introduction of
new hazards
• Training and competence for workers and interested
parties on the means of reporting OH&S hazards,
incidents and opportunities for improvement

AG
 QCS MANAGEMENT PVT. LTD.

Incident
Unlike ISO 9001 Quality and ISO 14001 Environmental management systems, ISO 45001 introduces ‘Incident’ alongside non-
conformity and corrective action. Clause 3 ‘Terms of Definition’ within the standard provides the parameters in which ‘incident’
can be interpreted and reported. An ‘incident’ is an occurrence that does not result in an injury and / or ill health. Therefore,
the organization must implement a system of reporting that captures events which have not necessarily been foreseen within
processes of the management system. Often these are referred to as ‘near misses’, ‘near-hit’ or a ‘close call’. When a near miss is
reported there may be a process in which during the investigation the findings are recorded within a non-conformance report.

Basic example process of reporting an incident leading to non-

conformance, corrective action and continuous improvement
Process Event Management System

Incident
• A delivery vehicle during a reversing • Driver has conducted the visitor
manoeuvre narrowly misses a worker. induction including issue of site map.

Near miss
• The worker fills out a simple report card outlining • Near Miss Report Card available across the
report Card
the occurrence with the assistance of the site. Process training delivered during
supervisor. induction.

Corrective
• Cones and tape are immediately placed to • Temporary Corrective Action.
Action
prevent entry to the area of incident by the
supervisor.

Investigation
• The supervisor has a discussion with the • Details recorded as part of the investigation.
delivery driver relating to the circumstances. • Risk assessment reviewed.
• The warehouse and site manager discuss the
incident and review the associated risk
assessment.
• Workers located in the area provide input.

Risk based
• Following the risk assessment review including • Risk assessment revised.
thinking
discussions with Top Management, physical barriers • Delivery driver induction modified to
solution
are placed on the pedestrian walkway as include barriered walkways.
segregation of vehicles and transport. • Non-conformance report completed with
• Additional lighting is installed. root cause analysis.
• Barriers are incorporated into the • Recorded within the incident report register.
maintenance programme. • Maintenance programme updated.

Communication
• The delivery driver (worker) is contacted • Incident report sent to transport company.
and provided with incident feedback and • Incident report worker signs the corrective
closure. action report as evidence of positive feedback.
• The worker who reported the near miss is
provided with feedback.

Review effectiveness of the introduced changes.

• The incident is discussed at the Safety
committee and management meetings.
• The responsible supervisor reports the

AG
 QCS MANAGEMENT PVT. LTD.
•S fety committee and management meeting • Committee meeting minutes posted on
a minutes. notice boards.

Management
• Overview of incident and positive outcome • Near miss / incident statistics review.
Review
within statistics. Management Review Minutes communicated.
• A regular audit of pedestrian routes is
added to the internal audit programme as
part of an improvement objective.

AG
 QCS MANAGEMENT PVT. LTD.
Resulting in Continuous Improvement

GET THE MOST

FROM YOUR
MANAGEMENT
SYSTEMS
Top tips to get the most out of your health and safety
management system:

1. To have an effective OH&S management 5. When designing processes ensure that they
system the organization must have are relevant to the environment they are
commitment from ‘Top Management’ to intended to be used. In other words, do not
implement and continually improve overcomplicate the system

2. Develop the management system as

a tool to protect workers and business
interests and not just to satisfy the
standard

3. Use ‘context’ to understand how

the organization can internally and
externally impact on OH&S
including workers

4. Inform interested parties and workers

of their objectives when implementing
the standard to gain ‘buy in’ and
generate a positive safety culture

AG
 QCS MANAGEMENT PVT. LTD.
6. Build the requirements of the help embed OH&S into the thinking of
standard in to existing both Top
processes and control – OHS is Management and Workers leading to a
not an add-on safe workplace

7. Consider integrating this 8. Implementation of this standard is not

standard into existing a burden on your organization. Risk
management systems such as based thinking with the participation of
ISO 9001 Quality and ISO workers should improve safety culture
14001 Environmental. This will and productivity

AG
QCS MANAGEMENT PVT. LTD.

AG
ISO 45001:2018 OCCUPATIONAL HEALTH AFETY IMPLEMENTATION GUIDE 31
&S
 QCS MANAGEMENT PVT. LTD.

NEXT STEPS ONCE

IMPLEMENTED
AWARENESS TRAINING INTERNAL AUDIT
• Your organization should raise awareness • A robust internal audit system for the organization is
about various standards covered under IMS. essential. Internal Auditor Training is recommended
and NQA can provide Internal Auditor Training for the
1 • You should hold separate training meetings for top
management, middle management and junior level
management, which will help to create a 6 standard(s) that you are implementing.
• It is important to implement corrective actions for
motivating environment, ready for implementation. improvements, in each of the audited documents, in
order to bridge gaps and ensure effectiveness of IMS.

ORGANISE A MANAGEMENT ‘SYSTEM’

POLICY AND OBJECTIVES REVIEW MEETING
• Your organization should develop an Integrated • Top level management must review various official
Quality Policy/Environment Policy/Health & business aspects of the organization, which are
Safety Policy/Information Security Policy and
2 relevant objectives to help meet the
requirements.
7 relevant to the standards being implemented.
• Review the policy, objectives, results of internal
audit, results of process performance, results of
• By working with top level management your complaints/feedback/legal compliance, results of risk
company should hold workshops with all levels of assessment/incidents and develop an action plan
management staff to outline the integrated following the meeting - which must be minuted.
objectives.
THOROUGH GAP ANALYSIS OF
INTERNAL GAP ANALYSIS IMPLEMENTED SYSTEMS
• Your organization should identify and compare the • A formal pre-certification gap analysis should be
level of compliance of existing systems against conducted to assess effectiveness and compliance of

3
requirements of the standards under your new
IMS. 8 system implementation in the organization.
• This final gap analysis will prepare your organization
• Relevant staff should all understand the operations for the final certification audit.
of the organization and develop a process map for
the activities within the business.

CORRECTIVE ACTIONS
DOCUMENTATION / PROCESS DESIGN • Organization should be ready for final certification
audit, providing that the gap analysis audit conducted
• The organization should create documentation in the last step and all the non-conformities (NC)
of the processes as per requirements of
relevant standard(s).
9 have been assigned corrective actions.

4 • You should write and implement a manual,

functional procedures booklet, work instructions,
• Check that all the significant NCs are closed and the
organization is ready for the final certification audit.

system procedures and provide associated terms.

FINAL CERTIFICATION AUDIT

DOCUMENTATION / PROCESS • Once completed, your organization is hopefully
recommended for registration to
IMPLEMENTATION ISO 9001/14001/ISO 45001.
• Processes / Documents developed in step 4, should
be implemented across the organization covering
10 • CONGRATULATIONS!

5 all the departments and activities.

• The organization should hold a workshop on
the implementation as per applicable for the ISO
standard requirements.

AG
 QCS MANAGEMENT PVT. LTD.
32

NOTES
ISO 45001:2018 OCCUPATIONAL HEALTH & SAFETY IMPLEMENTATION 33
GUIDE

34

AG
 QCS MANAGEMENT PVT. LTD.

NOTES

AG
QCS MANAGEMENT PVT. LTD.
35

Authored on behalf of NQA by: Alister Constantine

AG