ISO 45001

REVEALED

The New International Way to Manage

Occupational Health & Safety Management System
 INTRODUCTIONS, OVERVIEW & OBJECTIVES
The purpose of an OH&S management system is to provide a framework for managing OH&S risks.

The intended outcomes of the OH&S management system are to prevent work-related injury and ill
health to workers and to provide safe and healthy workplaces; consequently, it is critically important
for the organization to eliminate hazards and minimize OH&S risks by taking effective preventive and
protective measures.

When these measures are applied by the organization through its OH&S management system, they
improve its OH&S performance. An OH&S management system can be more effective and efficient
when taking early action to address opportunities for improvement of OH&S performance.

Implementing an OH&S management system conforming to this document enables an organization

to manage its OH&S risks and improve its OH&S performance. An OH&S management system can
assist an organization to fulfil its legal requirements and other requirements.

www.ehsemiratesfoundation.com ISO 45001 Revealed

 Success factors
The implementation of an OH&S management system is a strategic and operational decision for an
organization. The success of the OH&S management system depends on leadership, commitment and
participation from all levels and functions of the organization.

The implementation and maintenance of an OH&S management system, its effectiveness and its
ability to achieve its intended outcomes are dependent on a number of key factors which can include:

a) Top management leadership, commitment, responsibilities and accountability.

b) Top management developing, leading and promoting a culture in the organization

that supports the intended outcomes of the OH&S management system.

c) Communication.

d) Consultation and participation of workers, and, where they exist, workers’ representa
tives.

e) Allocation of the necessary resources to maintain it.

f) OH&S policies, which are compatible with the overall strategic objectives and direction
of the Organization.

g) Effective process for identifying hazards, controlling OH&S risks and taking advantage
of OH&S opportunities.

h) Continual performance evaluation and monitoring of the OH&S management system

to improve OH&S performance.

i) Integration of the OH&S management system into the organization’s business process
es.

j) OH&S objectives that align with the OH&S policies and take into account the organiza
tion’s hazards, OH&S risks and OH&S opportunities.

k) Compliance with its legal requirements and other requirements.

www.ehsemiratesfoundation.com ISO 45001 Revealed

 Demonstration of successful implementation of this document can be used by an organization to give
assurance to workers and other interested parties that an effective OH&S management system is in
place. Adoption of this document, however, will not in itself guarantee prevention of work-related
injury and ill health to workers, provision of safe and healthy workplaces and improved OH&S perfor-
mance.

The level of detail, the complexity, the extent of documented information and the resources needed
to ensure the success of an organization’s OH&S management system will depend on a number of
factors, such as:

The organization’s context (e.g. number of workers, size, geography, culture,

legal requirements and other requirements);

The scope of the organization’s OH&S management system;

The nature of the organization’s activities and the related OH&S risks.

PLAN-DO-CHECK-ACT CYCLE
The OH&S management system approach applied in this document is founded on the concept of
Plan-Do-Check-Act (PDCA).

The PDCA concept is an iterative process used by organizations to achieve continual improvement. It
can be applied to a management system and to each of its individual elements, as follows:

a) Plan: determine and assess OH&S risks, OH&S opportunities and other risks and other
opportunities, establish OH&S objectives and processes necessary to deliver results in
accordance with the organization’s OH&S policy;

b) Do: implement the processes as planned;

c) Check: monitor and measure activities and processes with regard to the OH&S policy and
objectives, and report the results;

d) Act: take actions to continually improve the OH&S performance to achieve the intended
outcomes.

www.ehsemiratesfoundation.com ISO 45001 Revealed

 IMPLEMENTATION PROCESS AND INTEGRATION
Are you about to embark upon the journey of health and safety improvement? It is now recognised by
many companies that to embark upon such a journey will require a reliable and robust vehicle to
transport them to their desired destination. If ISO 45001 is to be your chosen vehicle, then the steps
involved in implementing such a system can be likened to any journey that you would undertake in
everyday life.

Health & Safety Policy

Is the ‘road map’
Your health and safety policy should provide clear ‘direction’ as to where you want to be and the strat-
egies that are to be deployed to enable you to reach your chosen destination. It should clarify the vehi-
cle to be used, (in this case ISO 45001) and detail who will be responsible for driving and steering it
throughout the whole journey. As all employees will be required to travel along with you, your planned
journey will have to be communicated to all employees and a copy of the road map (OH&S policy
statement) explained to everyone, therefore avoiding the journey becoming a ‘mystery tour’.

www.ehsemiratesfoundation.com ISO 45001 Revealed

 Planning for hazard identification, risk assessment and risk
control
‘Route planning’
Before you set off upon your journey, an assessment will have to be made to identify any actual or
potential hazards that may prevent you from reaching your ultimate destination (hazard identification
and risk assessment) and your route adjusted to suit (risk control). Consideration will have to be taken
when developing your company specific road map (policy statement) to the avoidance and elimina-
tion of such hazards.

Legal and other requirements

The ‘one-way streets’
All companies are affected by health and safety legislation, albeit to varying degrees. Legislation can
be likened to a ‘one way’ street, you have to drive up it the right way or you could ultimately face a fine
and/or prosecution. However, like a one-way street, legislation can be avoided (e.g. by eliminating the
use of hazardous chemicals within your workplace you can negate the need to comply with the Control
of Substances Hazardous to Health Regulations - COSHH). You will need to identify the ‘one-way’
streets (legislative obligations) that you will have to travel down upon your journey and ensure that
your road map (policy statement) makes reference to them. To avoid driving down a ‘new’ one-way
street the wrong way you will have to keep up to date with changes to legislation.

Objectives
The ‘one-way streets’The mandatory ‘points of call’

Detail where you need to be, and by when, to arrive at your ultimate destination. Consideration will
have to be taken as to the least hazardous routes (risk assessment results), the one-way streets that
you need to negotiate (legal compliance) and your overall journey map (policy statement) when iden-
tifying your mandatory points of call.

OH&S management programmes

Your complete travel ‘timetable’

Once you have identified your mandatory points of call (objectives), you can begin to map out the
quickest and safest journey route (management programme). With start and completion dates being
assigned between each point of call, the time taken to reach the ultimate destination can be calculated,
the appropriate number of ‘driver’s assigned and consideration given to the amounts of fuel required
($).
www.ehsemiratesfoundation.com ISO 45001 Revealed
 Structure & responsibility
‘Drivers’ of the health and safety vehicle
As the road to continuous health and safety improvement is never ending, responsibility for driving
the vehicle (ISO 45001) will, without doubt, have to be shared. To leave all of the driving to one
individual, can ultimately lead to ‘tiredness’ and a ‘system crash’. It is often best to appoint a ‘co-driv-
er’ (Management Representative) who will ‘direct’ a number of select drivers through the one-way
streets (legislative obligations) and look out for any unpredicted hazards that may become apparent.
Once a number of suitable drivers have been nominated, a decision can then be made as to which
particular parts of the journey that they themselves will drive.

Training, awareness and competence

Driving lessons and test
Each selected driver will have to be made aware of the road map (policy statement), road hazards
(hazards and risk assessments), and one-way streets (legal obligations) and be taught the Highway
Code (safe systems of work/procedures). External ‘driving instructors’ [consultants] may be used for
this purpose. An ‘on the road’ test (measure of competence) will have to be taken and passed at the
end of the driving lessons (training).

Consultation and communication

Making everyone aware of the complete journey Including the finalised road map (policy), the
one-way streets (legislation), the key points of call (objectives), travel timetable (management
programme) and Highway Code (operational procedures).

Documentation
Vehicle Operating Manual
The Vehicle-Operating Manual (OH&S policy manual) details how the vehicle (ISO 45001) is built and
structured. Usually issued to all the ‘drivers’ at the onset of the journey, it provides a complete over-
view of how to use the vehicle correctly to minimize vehicle (system) breakdown.

Document and data control

Ensuring that journey plans are kept up to date
If everyone is to arrive at the ultimate destination at the same time, all information should be at the
same issue status. ALL drivers will need to be made aware any subsequent changes to prevent them
straying from the convoy.

www.ehsemiratesfoundation.com ISO 45001 Revealed

 Operational control
The ‘Highway Code’
The Highway Code (operational procedures), which, if followed, will ensure that accidents do not
occur, and that one-way streets (legal obligations) are negotiated correctly.

Emergency preparedness and response

‘Breakdown and recovery membership’
Contingency plans, should an emergency occur.

Performance measurement and monitoring

‘Regular checks to see that the journey is to plan’
Continual monitoring and measurement of key points of call (objectives) and the status of the
one-way streets (legal compliance).

Accidents, incidents, non-conformance and corrective and

preventive action
‘Accident reporting’
Provides a systematic means of reporting accidents should they occur along the journey. It makes
provisions for the amendment of vehicle (system) faults, should that be found to be the cause of the
accident.

Records and records management

The ‘glove compartment’ of ISO 45001
Where all obsolete road maps (policies), travel timetables (management programmes), etc. are kept
for reference purposes.

www.ehsemiratesfoundation.com ISO 45001 Revealed

 Audit
‘Vehicle servicing’
A periodic check as to the continued road worthiness of your vehicle (system). The vehicle manufac-
turers (management team) usually specify the frequency of a ‘complete service’, e.g. every 6000
miles (6 months). Failure to carry out regular servicing of the vehicle (system) can result in an acci-
dent.

Third Party Certification

‘MOT’
An independent check, by an accredited garage (certification body) to determine the road worthiness
of your vehicle (system). Following a set of pre-determined checks, a certificate or a test sheet detail-
ing the areas requiring repair is issued.

Management review
‘‘Motorway service stops’
Whereby all the drivers can get together to review the journey to date and discuss the effectiveness
of, and changes to, the road map (policy), key points of call (objectives), travel timetable (manage-
ment programme), one-way streets (legislation) and the highway code (operational procedures).
Such a get together is used to assess the adequacy of fuel levels (£) to complete the journey, and to
discuss the results of police spot checks (Audits) and MOT’s (Certification).

www.ehsemiratesfoundation.com ISO 45001 Revealed

 DOCUMENTED INFORMATION
It is important to keep the complexity of the documented information at the minimum level possible
to ensure effectiveness, efficiency and simplicity at the same time.

This should include documented information regarding planning to address legal requirements and
other requirements and on evaluations of the effectiveness of these actions.

“Documented information” is used to include both documents and records. This document uses the
phrase “retain documented information as evidence of…” to mean records, and “shall be maintained
as documented information” to mean documents, including procedures. The phrase “to retain docu-
mented information as evidence of…” is not intended to require that the information retained will
meet legal evidentiary requirements. Instead, it is intended to define the type of records that need to
be retained.

Information required to be controlled and maintained by an organization and the medium on which
it is contained. Documented information can be in any format and media, and from any source and
documented information can refer to:

a) The management system, including related processes

b) Information created in order for the organization to operate (documentation);
c) Evidence of results achieved (records).

Mandatory documents and records required by ISO 45001:2018

Here are the documents you need to produce if you want to be compliant with ISO 45001:

Scope of the OH&SMS (clause 4.3)

OH&S Policy (clause 5.2)
Roles and responsibilities (clause 5.3)
OH&S risks and OH&S opportunities (clause 6.1.1)
Processes needed to address risks and opportunities (clause 6.1.1)
Methodology and criteria for assessment of OH&S risks (clause 6.1.2)
OH&S objectives and plans (clause 6.2.2)
Communication (clause 7.4)
Operational controls (clause 8.1.1)
Emergency preparedness and response process (clause 8.6)

www.ehsemiratesfoundation.com ISO 45001 Revealed

 And here are the mandatory records:
Applicable legal and other requirements (clause 6.1.3)
Records of training, skills, experience and qualifications (clause 7.2)
Monitoring and measurement results (clause 9.1)
Calibration and verification of monitoring and measuring equipment (clause 9.1)
Evaluation of compliance obligations (clause 9.1.2)
Internal audit program (clause 9.2.2)
Results of internal audits (clause 9.2.2)
Results of the management review (clause 9.3)
Incidents and nonconformities (clause 10.1)
Results of corrective actions (clause 10.1)

Non-mandatory documents

No system exists using only the mandatory documents. There are numerous non-mandatory
documents that can be used for ISO 45001 implementation. However, I find these non-mandatory
documents to be most commonly used:
Procedure for determining context of the organization and interested parties (clauses 4.1
and 4.2)
Procedure for identification and evaluation of OH&S management system risks and oppor-
tunities (clauses 6.1.1 and 6.1.2)
Competence, training and awareness procedure (clauses 7.2 and 7.3)
Procedure for communication (clause 7.4)
Procedure for document and record control (clause 7.5)
Procedure for internal audit (clause 9.2)
Procedure for management review (clause 9.3)
Procedure for management of nonconformities and corrective actions (clause 10.2)

The good thing is that the standard went in the same direction as ISO 9001 and ISO 14001 regarding
the approach to documents and records, and the requirements are the same for common require-
ments of those standards. On the other hand, it dropped some theoretical requirements compared to
OHSAS 18001, such as documenting OH&SMS Elements & their interaction. In this way the standard
emphasizes demonstration of OH&S management system effectiveness rather than writing endless
theoretical procedures.

www.ehsemiratesfoundation.com ISO 45001 Revealed

 UNDERSTANDING THE CONTEXT OF YOUR
ORGANIZATION

As with the other recently revised ISO management standards (ISO 9001:2015 / ISO 14001:2015)
the context is one of the corner stones of the revision and potentially generated the highest
number of questions from clients.
The context of the organization is a consideration of the internal and external influences the organiza-
tion is required/chooses to respond to in relation to the OHS management system. The influences can
be positive or negative and may come from a range of sources.

If we start with the organization as it stands now; consider the current situation of the organization
and ask:

Why do we do this?
What is the intended outcome / benefit?
Where and who is the requirement coming from?
How do we meet / deliver this requirement?
How do we know it has been successful in achieving the intended outcome?
What if hasn’t delivered what was required – what happens next?

The above should help you identify the internal and external issues faced by the organization. Exam-
ples may include:

EXTERNAL
Legal and statutory requirements
Cultural, regional and local issues
Key industry drivers
Competition and market conditions

www.ehsemiratesfoundation.com ISO 45001 Revealed

 INTERNAL
Organization governance and structure
Roles and responsibilities
Existing knowledge of product / services / activities
Existing arrangements with workers
Culture
Strategy of the organization
Policies and objectives.
Group organizations
Existing technologies, techniques and resources
Workers

These are just a few examples of what may apply, but all organizations are individual even if they
operate in similar circumstances or industries.

Consideration of the above will aid the identification of interested parties and if you then ask the ques-
tions identified in the earlier section, the process for the context has been established. Decisions must
be made as to which of the identified needs or expectations are or could become statutory or other
requirements.

SCOPE OF THE OHS MANAGEMENT SYSTEM

The scope can only be determined once the context has been considered. The scope will need to be
documented information within the management system and must be factual statement representing
the operations included in the OHS system.

www.ehsemiratesfoundation.com ISO 45001 Revealed

 LEADERSHIP AND WORKER PARTICIPATION
Prior to the adoption of the Annex SL format, this clause was usually referred to as “management.”
The new wording was adopted to reflect the role that various types of leadership play in the adoption
of a management system.

This clause emphasizes greater involvement from top management and from employees. As a result,
top management is expected to be more involved in review procedures. Greater awareness and
participation from employees is also expected.

Comments on the draft of ISO 45001 asked for clarification on the intended outcomes of health and
safety programs. They also focused on clarifying the role of top leadership in the health and safety
management system. This clause is expected to undergo revisions before the publication of the final
standard.

This clause is the cornerstone for the success of the OH&S MS. Whilst in OHSAS 18001 top manage-
ment were responsible for OH&S and were required to ‘appoint’ a member of top management with
specific responsibility for OH&S. Top management in ISO 45001 are responsible and accountable for
the prevention of work-related injury and ill health as well as the provision of safe and healthy work-
places (not simply providing support for a management system). This requires top management to
be personally involved in order to develop, lead and promote a culture that supports OH&S. It should
also be noted that leadership and culture is identified as a potential hazard later in the standard
(6.1.2.1a).

It is also top management that has to ensure that a process for consultation and participation with
workers is established. This may include establishing a health and safety committee.

It is also top management’s responsibility to establish, implement and maintain the health and safety
policy. The required contents for the policy are enhanced from OSHAS 18001 and include elements
such as a commitment to consultation and participation of workers. Importantly consultation with
workers on the health and safety policy is included later in this clause.

Consultation and participation of workers is significantly enhanced from OSHAS 18001 which was
limited to participation in hazard identification and consultation on changes. In ISO 45001 consulta-
tions involve seeking views before making a decision with clear two-way communication, whilst
participation is involvement in decision-making. This must include non-managerial workers.
The organization is now required to provide the mechanisms, time, training and resources for consul-
tation and participation of workers. This includes removing any obstacles or barriers such as
language, literacy or fear of reprisals.

www.ehsemiratesfoundation.com ISO 45001 Revealed

 PLANNING
The standard details requirements for organisations to address risks to avoid undesired effects such
as a lack of application of legal requirements, damage to reputation, work-related injury or ill health.
It also requires organisations to address opportunities such as planning to achieve OHS objectives

This risk-based approach will enable organisations to build pre-emptive OHS management systems.

Alignment to the HLS structure has seen planning split in a slightly unusual way. There are still the
elements that you would expect and know from OSHAS 18001 such as hazard identification, assess-
ment, control, legal requirements and objective setting but the HLS requirements of risk and opportu-
nities introduced a challenge for the expert committee that developed ISO 45001.

In order to incorporate the HLS and the aim of the OH&S management system, risk and opportunities
has been broken into two elements:

Assessment of OH&S risks and other risks to the management system

OH&S risks being the ‘traditional’ likelihood x severity
Risks to the management system are those more traditionally related to business risk (effect
of uncertainty) such as peaks in work flow, restructuring as well as external issues such as
economic change

www.ehsemiratesfoundation.com ISO 45001 Revealed

 Assessment of OH&S opportunities and other opportunities to the OH&S
management system
OH&S opportunities are circumstance(s) that can lead to improvement of OH&S perfor-
mance

This includes adapting work to workers, eliminating hazards and other opportunities for improving
the OH&S management system such as implementing ISO 45001. Importantly risks and opportunities
shall be determined before planned change.

There is also increased emphasis on identifying hazards associated with mental ill-health (adverse
mental or cognitive conditions) such as workload, bullying and the leadership and culture of the orga-
nization. Additionally the identification of hazards has to start at conceptual design stage as well as
the on-going lifecycle of workplace, facility, equipment, processes, activity etc. The principles of hori-
zon scanning are also introduced within this clause. New knowledge of, and information about,
hazards has to be taken into account

www.ehsemiratesfoundation.com ISO 45001 Revealed

 SUPPORT ACTIVITIES
This clause begins with a requirement that organizations shall determine and provide the necessary
resources to establish, implement, maintain and continually improve the OH&S management system.
These cover human resources, natural resources, infrastructure and financial resources.

Simply expressed, this is a very powerful requirement covering all OH&S resource needs. This clause
covers resources, competence, awareness, communication and documented information. Resources
are defined in more detail and this demonstrates a move to an OHS management system which is
more integrated to the business as a whole.

While there's not that much change to this clause compared to BS OHSAS 18001, it is more detailed
and less ambiguous.

The competency element of this clause is very similar to OSHAS 18001 but communication is split out
in ISO 45001 into awareness, communication, internal and external communication. ISO 45001 uses
the term ‘documented information’, instead of ‘documents’ and ‘records’ as used in
OSHAS 18001.

This reflects modern types and use of information – cloud based, multi-media etc. However one of the
biggest drivers for this change was the recognition that the implementation of OH&S MS’s had led to
an over reliance on documented procedures, creating unnecessary and bureaucratic paper trails, that
did not actually improve OH&S performance.

www.ehsemiratesfoundation.com ISO 45001 Revealed

 OPERATIONAL ACTIVITIES
The operation clause specifically looks at the organisation's operational controls, emergency
preparedness and response.

This clause is more explicit about managing outsourcing, procurement and contractors than BS
OHSAS 18001 in a move to ensure organisations demonstrate a responsibility for supplier health and
safety management and do not contract out risk.

This clause is significantly enhanced from OSHAS 18001. Not only does it remove the ‘option’ of using
the hierarchy of controls, instead making its use a specific requirement, it introduces new sub-clauses
on procurement and change.

One of the real strengths of OSHAS 18001 was the explicit recognition that change needed to be taken
into account during hazard identification and risk assessment. However ‘taking into account’ and
proactively managing change are very different things. Change presents real risks and opportunities
to organizations. ISO 45001 acknowledges this and has a dedicated clause now on the management
of change.

Organization will need to plan how to implement change in a manner that does not introduce new
(unforeseen) hazards or increase the OH&S risks, whilst also identifying the opportunities for improv-
ing OH&S performance that the change may enable.

The new sub-clause on procurement provides recognition that the risks related to the supply chain
are most effectively managed when they are taken into account at the very first stages of procure-
ment – pre-tender and tender. Experience has shown that trying to manage the risks introduced by
the supply chain once its operational are extremely expensive and limited in effectiveness.

With ISO 45001, organizations have to establish procurement processes that conform to the OH&S
MS, including defining OH&S criteria for the selection of contractors. These procurement activities
have to be coordinated with those contractors.

New within this section is outsourcing. Relating back to the ‘context’ of an organization and its credi-
bility, there was concern by the expert panel that certain activities or processes with high OH&S risks
were being outsourced, without due consideration of the implications for OH&S this had. A responsi-
ble organization will establish control of those outsourced functions to achieve the intended
outcomes of the OH&S MS. Controls can include things such as procurement and contractual require-
ments, training and inspections.

www.ehsemiratesfoundation.com ISO 45001 Revealed

 PERFORMANCE EVALUATION
This clause includes monitoring and measuring OHS performance, evaluating compliance obliga-
tions and internal audits. It also references requirements for management to review the OHS man-
agement system to ensure its continuing suitability, adequacy and effectiveness.

Very similar to OSHAS 18001 in detail, the key change is where in OSHAS 18001 it was a ‘procedure’,
in ISO 45001 it now has to be a ‘process’. This is one of the fundamental changes between OSHAS
18001 and ISO 45001. Whilst the introduction of ‘processes’ is a reflection of the alignment to the
HLS, it also reflects that an effective OH&S MS is a continually improving one.

A process is a cycle, it should reflect a PDCA (plan, do, check, act) cycle and not be static. Therefore
ISO 45001 requires processes for consultation and participation, planning, hazard identification,
assessment of risk and operational control.

Management reviews have to consider risks and opportunities and trends in aspects such consulta-
tion and participation of workers to ensure it is happening effectively, which is part of their leader-
ship responsibility

www.ehsemiratesfoundation.com ISO 45001 Revealed

 IMPROVEMENT
Gone from ISO 45001 is the requirement related to ‘preventative action’ that was found in OSHAS
18001. This is because the whole of ISO 45001 is about prevention.

Organisations must establish how their OHS management system fosters a culture of continuous
improvement. Improvement now groups incidents, non-conformances and corrective actions.

Also in this clause is the requirement to eliminate the root cause(s) of incidents and non-conformi-
ties reflecting the overall aim of the standard to prevent injury and ill-health and provide safe and
healthy workplaces?

The standard concludes by underlining the fact that effective OH&S management is not static and
should continually improve and be supported by a proactive culture.

www.ehsemiratesfoundation.com ISO 45001 Revealed

ISO 45001
GAP ANALYSIS TOOL KIT
 4 Context of the organisation
CLAUSES OF ISO 45001
4.1 Understanding your
organization and its context
4.2 Understanding the needs and
expectations of interested
parties
4.3 Determining the scope of the
OH&S management system
4.4 OH & S management system
and your processes
www.ehsemiratesfoundation.com ISO 45001 Revealed
Self-Assessment Self-Assessment
questions questions
Have the OH&S-related internal and
external factors and conditions been
identified that could affect, or be
affected by, your organisation?
Have the significant risks and opportu-
nities been identified?
What drives the OH&S culture of your
organisation?
Who might affect or be affected by
your activities and what their relevant
and significant interests might be?
Have you taken their needs into
account within the OH&SMS?
Does the written statement of scope
allow for:
a) The external and internal issues
referred to in 4.1;
b) Requirements referred to in 4.2;
c) The work related activities
performed.
 5 Leadership and worker participation

ISO 45001 CLAUSE Self-Assessment Self-Assessment

questions questions

5.1 Leadership and commitment Have your senior management team

provided adequate resources to imple-
ment and manage the OH&S manage-
ment system?

Have you documented their specific roles

in establishing, implementing, maintain-
ing and reporting on the effectiveness of
the OH&S Management System?

Is “top management” engaged & leading

OH&S, rather than delegating to some-
one further down your organisation?

5.2 OH&S policy Have you developed a written policy

statement?
Is it appropriate to the nature and scale
of the organization’s occupational health
and safety risks?
Does it address a commitment to contin-
ual improvement and compliance with
relevant legislation?
Has it been effectively communicated
internally and externally?
Is there a mechanism in place for periodi-
cally reviewing the policy?

5.3 Organizational roles, Have you defined documented roles and

responsibilities, accountabili- responsibilities for the
ties and authorities OH&S Management System?

Have these roles been communicated to

all relevant staff?

www.ehsemiratesfoundation.com ISO 45001 Revealed

 5 Leadership and worker participation

ISO 45001 CLAUSE Self-Assessment Self-Assessment

questions questions

5.4 Participation and consult- Have you established a procedure for

ation consultation, participation and communi-
cation between various levels and func-
tions within your organization?

Have you established a procedure for

receiving, documenting and dealing with
communications from interested parties?

Have you considered processes/decisions

for external communication regarding
policy, hazards and risks?

www.ehsemiratesfoundation.com ISO 45001 Revealed

 6 Planning for the OH&S system

ISO 45001 CLAUSE Self-Assessment Self-Assessment

questions questions

6.1 Actions to address risks and Have the risks and opportunities from 4.1
opportunities been documented and have actions been
defined to take advantage of the oppor-
tunities and mitigate the risks?

Demonstrate that these actions have

been effective. This should include
compliance to legal and other require-
ments.

Have you established a procedure for

identifying and assessing the risk of
hazards and the implementation of
necessary control measures?

Have you considered the results of these

assessments and the effects of the
control to feed into you objectives?
Are you keeping this information up to
date?
Have you identified applicable rules,
requirements, legislation and other
requirements relevant to your organiza-
tion?
Have you established and documented a
procedure for assessing legal and other
requirements and keeping them
up-to-date?
Have legislative requirements been
factored into the controls of your man-
agement system?
Is there a procedure in place to deal with
any areas of non-compliance?

www.ehsemiratesfoundation.com ISO 45001 Revealed

 6 Planning for the OH&S system

Self-Assessment Self-Assessment
questions questions

6.2 OH&S objectives and plan Do you have documented objectives,

ning to achieve them targets and management programmes at
relevant functions and levels within the
organization?
Have you ensured that your objectives,
targets and management programmes
are consistent with the OH&S policy,
including commitments to continual
improvement, legal compliance and
identified OH&S hazards?
Have you considered technological
options, financial, operational, business
requirements and the views of other
interested parties when setting your
objectives and targets?
Have you established a process for
tracking and reporting progress and
conformance with objectives and
targets?
Have you established detailed action
plans of how you will achieve your
objectives and targets?
Do they include responsibilities, means
and time frames to which they are to be
achieved?
Have you communicated the plans to
relevant functions and levels of your
organization?

www.ehsemiratesfoundation.com ISO 45001 Revealed

 7 Support

ISO 45001 CLAUSE Self-Assessment Self-Assessment

questions questions

7.1 Resources Has an analysis of training needs been

undertaken?
Has a training plan been developed?
Has appropriate training been delivered
at all levels and within all functions?
Are records kept of training that has
been provided?

7.3 Awareness Are workers aware of policy require-

ments, hazards & risks relevant to them
and their part in the OH&S perfor-
mance, including results of relevant
incident investigations?

7.4 Information and Have you established a procedure for

communication consultation, participation and com-
munication between various levels
and functions within your organiza-
tion?

Have you established a procedure for

receiving, documenting and dealing
with communications from interested
parties?

Have you considered processes/deci-

sions for external communication
regarding policy, hazards and risks?

7.5 Documented Information Have you established a documented

description of the OH&S system includ-
ing the policy, key system procedures
and relevant forms?

www.ehsemiratesfoundation.com ISO 45001 Revealed

 8 Operation

ISO 45001 CLAUSE Self-Assessment Self-Assessment

questions questions

8.1.1 Operational planning and Have you identified those operations

control and activities associated with the
significant health and safety hazards?
Have you established operational
controls, including operating criteria?
Do these controls cover the significant
health and safety hazards relating to
goods and services?
Do these controls consider abnormal as
well as normal operating conditions?
Have the relevant controls been com-
municated to suppliers and contractors?

8.1.2 Hierarchy of controls Is the hierarchy of OH&S controls

correctly applied?

8.2 Management of change When changes to the operation are

planned, is the effect on the O&HMS
considered?

8.3 Outsourcing The OH&S implications must be

controlled as part of the purchasing
process.

8.4 Procurement The OH&S implications must be

controlled as part of the purchasing
process.

8.5 Contractors Controls and communication require-

ments with regard to contractor’s
worker activities, the host company’s
worker activities, and anyone who may
be affected by the activity in the
workplace.

www.ehsemiratesfoundation.com ISO 45001 Revealed

 8 Operation

ISO 45001 CLAUSE Self-Assessment Self-Assessment

questions questions

8.6 Emergency preparedness Have you established procedures to

and response identify potential emergency situa-
tions?
Do these procedures cover criteria for
responding to and for preventing and
mitigating the health and safety
hazards and risks that are foreseeable
during emergency situations?
Have you developed procedures to
review and revise the procedures after
an accident or emergency situation?
Do you periodically test the procedures?

www.ehsemiratesfoundation.com ISO 45001 Revealed

 9. Performance evaluation
ISO 45001 CLAUSE
9.1 Monitoring, measurement,
analysis and evaluation
9.1.2 Evaluation of compliance
with legal requirements and
other requirements
9.2.1 Internal audit objectives &
9.2.2 Internal audit process
www.ehsemiratesfoundation.com ISO 45001 Revealed
Self-Assessment Self-Assessment
questions questions
Have you established procedures to
monitor and measure the characteristics
of operations and activities with signifi-
cant health and safety hazards and
risks?
Do these procedures cover performance
against objectives and targets?
Have you established procedures to
maintain and calibrate critical monitor-
ing equipment?
Do you have a documented procedure
to regularly evaluate compliance with
relevant laws and legislation?
Have you identified the legal (and
other) health and safety requirements
that are applicable to your organiza-
tion?
Can you demonstrate that you have
evaluated compliance against them?
Do you have a documented procedure
to regularly evaluate compliance with
relevant laws and legislation?
Have you an audit procedure and
programme?
Do you undertake periodic OH&S
audits?
Does your audit programme determine
audit frequency?
Have you selected and trained an OH&S
audit team?
Have you established a process to keep
records of audit reports?
 9. Performance evaluation

ISO 45001 CLAUSE Self-Assessment Self-Assessment

questions questions

9.3 Management review Does your management team review

the adequacy of your OH&S system at
regular intervals?
Do your procedures ensure that
adequate information is provided for
management review purposes?
Are the conclusions and actions
required by the management review
properly documented in the form of
minutes?

www.ehsemiratesfoundation.com ISO 45001 Revealed

 10 Improvement

ISO 45001 CLAUSE Self-Assessment Self-Assessment

questions questions

10.1 Incident, nonconformity Note: Preventive Action has been

and corrective action dropped because this is addressed
through management of risks and
opportunities.

Have you developed procedures for

investigating, correcting, and prevent-
ing system deficiencies?

Have responsibilities been assigned for

taking and tracking the completion of
corrective actions?

Have you established a process to revise

procedures or other OH&S documents
based on corrective/preventive actions?

10.2.1 Continual improvement Employees are involved in continual

objectives improvement

10.2.1 Continual improvement A process that demonstrates continual

objectives improvement is planned, implemented
& maintained.

The required and actual outcomes of

continual improvement are communi-
cated to employees.

www.ehsemiratesfoundation.com ISO 45001 Revealed

Website: www.ehsemiratesfoundation.com
Email : info@ehsemiratesfoundation.com
Phone : +971 4 319 7923