ISO 45001:2018

Preparation self-assessment.

A first step to understanding what areas to focus on

to comply with the new international standard for
Occupational Health and Safety.
 Preparing for ISO 45001
ISO 45001:2018 is the first ISO standard for
Occupational Health and Safety (OH&S).
While ISO 45001 is a new international standard,
it builds on the concepts and requirements in
OHSAS 18001:2007. Whether you are migrating
from OHSAS 18001 or implementing an OH&S
Management System (OHSMS) for the first time –
this self-assessment will help you take the first
steps to understanding what needs to be done.

2 | Lloyds Register
How to use this workbook
We recommend that you start by
reading the full text of ISO 45001:2018
including the terms and definitions
found in Section 3 and Annex A, which
gives guidance on the standard.
Then work through each section
of the workbook to estimate your
readiness level.
We’ve suggested three levels
of readiness:
1 = not started
2 = work in progress
3 = ready
During a certification audit, your
assessor will be looking for how you
can demonstrate that you meet the
requirements – so we have added a
column for this. Here you could take a
yes/no approach or even add some
notes as a memory-jogger.
At the end of the workbook you will
find a variety of next step options,
whatever your readiness level.
Caution!
This workbook does not cover
every requirement in ISO 45001
and is intended as a starting
point to understanding your
readiness level and not a
guarantee of compliance or
certification readiness.
We recommend that you buy a
copy of the standard and read it
all for a full understanding.

4. Context of the Organization

This section covers the internal and external factors that Readiness level Can you
impact your organisation and its ability to achieve its aims, demonstrate
as well as the scope of the OHSMS. 1 = not started this?
2 = work in progress
3 = ready Yes/No

We have determined the internal and external issues that affect our
ability to achieve the intended outcome(s) of our OHSMS.

We have determined the interested parties (stakeholders) who are

relevant to our OHSMS.

We understand the requirements, needs and expectations of our

workers and other interested parties that are relevant to the OHSMS.

Our internal and external issues, including the organisational structure

and legal requirements, were considered when we determined the
scope of our OHSMS.

The scope of our OHSMS is documented information.

Our OHSMS includes the activities, products and services within

the organization’s control or influence that can impact our OH&S
performance.

Our OHSMS addresses the processes needed and their interactions to

achieve the intended outcomes.

ISO 45001:2018 Preparation self-assessment | 3

5. Leadership and worker participation
This section covers the roles and responsibilities Readiness level Can you
of top management, setting OH&S policy, demonstrate
spreading the ownership of the OHSMS 1 = not started this?
throughout the organisation and the 2 = work in progress
consultation and participation of workers. 3 = ready Yes/No

Top management has demonstrated leadership and commitment

with respect to the OHSMS by taking overall responsibility and
accountability for the prevention of work-related injury and ill health
as well as the provision of safe and healthy workplaces and activities.

Top management ensures that the OH&S policy and related OH&S
objectives are established and are compatible with the strategic
direction of the organisation.

Top management ensures that the OHSMS requirements are

integrated into the organisation’s business processes.

Top management communicates the importance of effective OH&S

management and promotes a culture of OH&S within the organisation.

Top management ensures that the OHSMS achieves its intended

outcome(s) and promotes continual improvement.

Top management supports the creation and running of

H&S committees.

Top management has established, implemented and maintained

an OH&S policy that includes a commitment to provide safe and
healthy working conditions for the prevention of work related injury
and ill health that is appropriate to the purpose, size and context of
our organisation and to the specific nature of our OH&S risks and
opportunities.

Our OH&S policy includes commitments to:

• eliminate hazards and reduce OH&S risks,

• fulfil legal and other requirements, and
• the consultation and participation of workers,
and their representatives, where they exist.

The policy is available as documented information, communicated to

the organisation and available to interested parties.

Responsibilities and authorities for relevant roles are assigned

and communicated at all levels and maintained as documented
information.

Process(es) for the consultation and participation of workers

and, where they exist, workers’ representatives, are established,
implemented and maintained at all applicable levels and functions.

Obstacles or barriers to worker participation have been determined

and removed. Those that cannot be removed are minimized.

4 | Lloyd’s Register
6. Planning
Planning incorporates the context identified in section 4. Readiness level Can you
This section puts a strong emphasis on identifying the risks demonstrate
and opportunities – in terms of hazard identification, OH&S 1 = not started this?
risks and opportunities and any other risks and opportunities 2 = work in progress
related to achieving the aims of your OHSMS. 3 = ready Yes/No

When we plan for the OHSMS, we consider our organisational context,

the requirements of our interested parties and the scope of the
OHSMS to give assurance that the management system can achieve its
intended outcomes and prevent or reduced undesired effects.

We consider the following elements when determining the risks and

opportunities for the OHSMS:

• hazards
• OH&S risks and other risks
• OH&S opportunities and other opportunities
• legal and other requirements
• changes in the organisation, processes or the OHSMS
• any other issues and requirements

We maintain documented information on:

• risks and opportunities,

• and the processes and actions needed to be confident that they’ve
been addressed as planned.

Our organisation has established, implemented and maintains

ongoing and proactive processes for hazard identification.

Our hazard identification process considers:

• how the work is organised, social factors, leadership and

organisational culture
• routine and non-routine activities and situations
• past relevant incidents incl. emergencies and their causes
• potential emergency situations
• people
• other issues
• actual or proposed changes in organization, operations, processes,
activities and OH&S management system
• changes in knowledge of, and information about, hazards

Our process for assessing OH&S risks is implemented and maintained,

and considers the effectiveness of the existing controls.

We maintain and keep documented information on the methodology

and criteria for assessing OH&S risks.

We have a process to assess OH&S opportunities and other

opportunities to improve both OH&S performance and the OHSMS.

We have a process to keep up-to-date with legal and other

requirements that impact the OHSMS and this is documented.

ISO 45001:2018 Preparation self-assessment | 5

6. Planning (continued)
Planning incorporates the context identified in section 4. Readiness level Can you
This section puts a strong emphasis on identifying the risks demonstrate
and opportunities – in terms of hazard identification, OH&S 1 = not started this?
risks and opportunities and any other risks and opportunities 2 = work in progress
related to achieving the aims of your OHSMS. 3 = ready Yes/No

Our organisation plans actions to:

• Address legal and other requirements

• Prepare for and respond to emergency situations
• Address risks and opportunities

Our organisation plans how to integrate and implement these actions

into our OHSMS processes and other business processes and we
evaluate the effectiveness of the actions.

Our OH&S objectives take into account risks, opportunities and the
results of consultation with workers and their representatives, where
they exist.

Our OH&S objectives are:

• Measurable or capable or performance evaluation

• Monitored
• Kept up-to-date
• Communicated
• Documented information

Our plans to achieve our OH&S objectives determine:

• what will be done

• the resources needed
• who will be responsible
• timescales
• how the results will be evaluated using indicators for
monitoring progress
• how the actions are integrated into business processes

6 | Lloyd’s Register
7. Support
This section focuses on the practicalities of Readiness level Can you
setting up and maintaining an effective OHSMS demonstrate
including resources and communication. 1 = not started this?
2 = work in progress
3 = ready Yes/No

The resources needed to set up, implement, maintain and improve the
OHSMS are determined and provided.

Our workers are competent and can identify hazards based on

appropriate education, training or experience.

Our workers are made aware of the OH&S policy and OH&S objectives
and their contribution to the effectiveness of the OHSMS.

Our workers are made aware of hazards, OH&S risks and actions that
are relevant to them.

Our workers are made aware of incidents and the outcomes of

investigations that are relevant to them.

Our workers are made aware that they can remove themselves from
work situations that they consider an imminent and serious danger to
their life or health, and the arrangements that protect them from any
negative consequences of doing so.

Our internal and external communication processes determine:

• what will be communicated and when

• with whom to communicate (including workers, contractors,
visitors and other interested parties)
• how to communicate

We consider diversity (e.g. gender, language, culture, literacy,

disability) when considering our communication needs.

When setting up the communication processes, the organisation

considered legal and other requirements, and the views of external
interested parties.

We ensure that the OH&S information to be communicated is

consistent with information generated within the OH&S management
system, and is reliable.

We keep documented information as evidence of our organisation’s

communications, as needed.

When we create and update documented information, our

organisation ensures that it is easily identifiable and in an appropriate
format.

Our organisation ensures that the documented information required

by the OHSMS is available and suitable for use as needed.

Our documented information is controlled to ensure that the data is

adequately protected.

ISO 45001:2018 Preparation self-assessment | 7

8. Operation
The Operation section has a strong focus Readiness level Can you
on the management of change and the demonstrate
control of contractors and outsourcing. 1 = not started this?
2 = work in progress
3 = ready Yes/No

Our organisation plans, implements, controls and maintains the

processes needed to meet the requirements of the OHSMS and we
have documented information that demonstrates that the processes
are being carried out as planned.

At multi-employer workplaces, we coordinate relevant parts of the

OHSMS with the other organisations.

We control planned temporary and permanent changes that could

impact OH&S performance and we review the consequences of any
unintended changes, taking action where necessary.

Our procurement process is controlled to ensure it conforms with

the OHSMS.

We coordinate our procurement process(es) with contractors to

identify hazards and assess and control any OH&S risks.

We have defined and applied OH&S criteria for contractor selection.

Our outsourced functions and processes are controlled and the type
and degree of control is defined in the OHSMS.

Our outsourcing arrangements are consistent with legal requirements

and other requirements and are aligned with achieving the intended
outcomes of the OHSMS.

We provide training for the planned response to potential emergency

situations.

We communicate and provide relevant information to all workers on

their duties and responsibilities in respect of emergency preparedness
and response.

We have a process for communicating relevant information on

emergency preparedness and response to contractors, visitors,
emergency response services, government authorities and, as
appropriate, the local community.

8 | Lloyd’s Register
9. Performance evaluation
Within the Plan-Do-Check-Act cycle, performance evaluation Readiness level Can you
represents the ‘Check’ stage. ISO 45001 requires a structured demonstrate
approach to measurement and data analysis. 1 = not started this?
2 = work in progress
3 = ready Yes/No

Our OH&S performance is monitored, measured, analysed

and evaluated.

We have determined what needs to be monitored and measured and

the methods used to ensure valid results.

We have determined the criteria for evaluating our OH&S performance.

We have determined when the monitoring and measuring shall be

performed, and when those results shall be analysed, evaluated and
communicated.

We have established, implemented and maintained a process(es)

for evaluating compliance with legal requirements and other
requirements.

Our monitoring and measurement equipment is calibrated or verified,

as appropriate.

The results of our internal audits are reported to relevant managers.

We report relevant internal audit results to workers, workers’

representatives and other relevant interested parties

Our Management Review considers:

• status of actions from previous management reviews

• changes in the needs and expectations of interested parties
• changes to risks and opportunities
• information on OH&S performance

The outputs of management review include opportunities to improve

integration of the OHSMS with other business processes, if needed,
and any implications for the strategic direction of the organisation

We communicate the relevant outputs of the management reviews to

workers and, where they exist, workers’ representatives.

ISO 45001:2018 Preparation self-assessment | 9

10. Improvement
Demonstrating how your organisation looks Readiness level Can you
for opportunities for improvement and manages demonstrate
incidents and non-conformities effectively. 1 = not started this?
2 = work in progress
3 = ready Yes/No

We have a process to determine and manage incidents and non-

conformities and we react to them in a timely manner.

Workers and other relevant interested parties participate in evaluating

the need for corrective actions of incidents or non-conformities.

We can demonstrate enhanced OH&S performance through continual

improvement of the OHSMS.

10 | Lloyds Register
Next steps
Implementing a management system and preparing for an audit
requires a team effort to meet the requirements and to embed the
necessary processes, systems and behaviours into the day-to-day
running of your organisation. We hope that this workbook has
helped you to understand what is required and has highlighted
areas to focus on to achieve ISO 45001 certification.

Below are some next steps for you to consider on your journey to
continually improve safety and health in your workplace.

If most of your If most of your If most of your

answers are 1 –
not started:
It’s never too early to engage
your Certification Body to
support you with your
migration planning.
At this stage, one of our
ISO 45001 training courses
could help you and your team
to build the knowledge and
skills that you’ll need to
prepare effectively.
answers are 2 –
work in progress:
A gap analysis will help you to
validate your own assessment
and to pinpoint the areas to
focus on.
During a gap analysis, your
assessor will work with you to
focus on critical, high risk or
weak areas of your system prior
to your formal assessment visit.
Depending on the outputs, you
may decide that a training
course or customised briefing
could help you to bridge that gap.
answers are 3 –
ready:
Great news – you should already
be seeing the benefits of using
ISO 45001.
You may find that a gap analysis
would help you to act as a ‘dry run’
to focus on any weaker areas or
you could book your Migration
audit with Lloyd’s Register.
As an early adopter, you are leading
the way in creating a safe and
healthy work environment for your
workers, contractors and visitors.

The right support and training at the right time

We recognise that your
organisation is unique and the
impact of ISO 45001 will depend
upon the complexity of your
organisation and the maturity of
your management system.
We can provide you with the right
support and training to give you
insight into your system that will help
you ensure that your migration plan
meets the needs of your organisation.

Contact us today at enquiries@lr.org or (enter phone number)

to take the next step.

ISO 45001:2018 Preparation self-assessment | 11

About Lloyd’s Register:
We started out in 1760 as a marine
classification society. Today, we’re one of
the world’s leading providers of professional
services for engineering and technology –
improving safety and increasing the
performance of critical infrastructures for
clients in over 75 countries worldwide. The
profits we generate fund the Lloyd’s Register
Foundation, a charity which supports
science and engineering-related research,
education and public engagement around
everything we do. All of this helps us stand by
the purpose that drives us every single day:
Working together for a safer world.

In a world of increasing complexity –

overloaded with data and opinion – we know
that our clients need more than technology
to succeed. They need an experienced hand.
A partner to listen, cut through the noise
and focus on what really matters to them
and their customers. Our engineers and
technical experts are dedicated to assurance.
That means a commitment to embracing
new technology, and a deep rooted desire
to drive better performance. So we consider
our customers’ needs with diligence and
empathy, then use our expertise and over
250 years’ experience to deliver the smart
solution for everyone.

After all, there are some things

technology can’t replace.

Get in touch
Please visit www.lr.org for more information
or email enquiries@lr.org

Lloyd’s Register
1 Trinity Park
Bickenhill Lane
Birmingham
B37 7ES
United Kingdom
Care is taken to ensure that all information provided is accurate and
up to date. However, Lloyd’s Register accepts no responsibility for
inaccuracies in, or changes to, information.

Lloyd’s Register is a trading name of Lloyd’s Register Group Limited

and its subsidiaries. For further details please see www.lr.org/entities
© Lloyd’s Register Group Limited 2018.

GL / OHS / 012 / V1-2018