ISO 45001 – 2018
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and nongovernmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
This document was prepared by Project Committee ISO/PC 283, Occupational health and safety management systems.
Introduction
1.1. Background
An organization is responsible for the occupational health and safety of workers and others who can be affected by its activities. This responsibility includes promoting and protecting their physical and mental health.
The adoption of an OH&S management system is intended to enable an organization to provide safe and healthy workplaces, prevent work-related injury and ill health, and continually improve its OH&S performance.
1.2. Aim of an OH&S management system
The purpose of an OH&S management system is to provide a framework for managing OH&S risks. The intended outcomes of the OH&S management system are to prevent work-related injury and ill health to workers and to provide safe and healthy workplaces; consequently, it is critically important for the organization to eliminate hazards and minimize OH&S risks by taking effective preventive and protective measures.
When these measures are applied by the organization through its OH&S management system, they improve its OH&S performance. An OH&S management system can be more effective and efficient when taking early action to address opportunities for improvement of OH&S performance.
Implementing an OH&S management system conforming to this document enables an organization to manage its OH&S risks and improve its OH&S performance. An OH&S management system can assist an organization to fulfil its legal requirements and other requirements.
1.3. Success factors
The implementation of an OH&S management system is a strategic and operational decision for an organization. The success of the OH&S management system depends on leadership, commitment and participation from all levels and functions of the organization.
The implementation and maintenance of an OH&S management system, its effectiveness and its ability to achieve its intended outcomes are dependent on a number of key factors which can include:
- top management leadership, commitment, responsibilities and accountability;
- top management developing, leading and promoting a culture in the organization that supports the intended outcomes of the OH&S management system;
- communication;
- consultation and participation of workers, and, where they exist, workers’ representatives;
- allocation of the necessary resources to maintain it;
- OH&S policies, which are compatible with the overall strategic objectives and direction of the organization;
- effective process(es) for identifying hazards, controlling OH&S risks and taking advantage of OH&S opportunities;
- continual performance evaluation and monitoring of the OH&S management system to improve OH&S performance;
- integration of the OH&S management system into the organization’s business processes;
- OH&S objectives that align with the OH&S policies and take into account the organization’s hazards, OH&S risks and OH&S opportunities;
- compliance with its legal requirements and other
Demonstration of successful implementation of this document can be used by an organization to give assurance to workers and other interested parties that an effective OH&S management system is in place. Adoption of this document, however, will not in itself guarantee prevention of work-related injury and ill health to workers, provision of safe and healthy workplaces and improved OH&S performance.
The level of detail, the complexity, the extent of documented information and the resources needed to ensure the success of an organization’s OH&S management system will depend on a number of factors, such as:
– the organization’s context (e.g. number of workers, size, geography, culture, legal requirements and other requirements);
– the scope of the organization’s OH&S management system;
– the nature of the organization’s activities and the related OH&S risks.
1.4. Plan-Do-Check-Act cycle
The OH&S management system approach applied in this document is founded on the concept of Plan-Do-Check-Act (PDCA).
The PDCA concept is an iterative process used by organizations to achieve continual improvement. It can be applied to a management system and to each of its individual elements, as follows:
- Plan: determine and assess OH&S risks, OH&S opportunities and other risks and other opportunities, establish OH&S objectives and processes necessary to deliver results in accordance with the organization’s OH&S policy;
- Do: implement the processes as planned;
- Check: monitor and measure activities and processes with regard to the OH&S policy and objectives, and report the results;
- Act: take actions to continually improve the OH&S performance to achieve the intended outcomes.
This document incorporates the PDCA concept into a new framework, as shown in Figure 1.
Figure 1
Relationship between PDCA and the framework in this document.
The numbers given in brackets refer to the clause numbers in this document
1.5. Contents of this document
This document conforms to ISO’s requirements for management system standards. These requirements include a high level structure, identical core text and common terms with core definitions, designed to benefit users implementing multiple ISO management system standards.
This document does not include requirements specific to other subjects, such as those for quality, social responsibility, environmental, security or financial management, though its elements can be aligned or integrated with those of other management systems.
This document contains requirements that can be used by an organization to implement an OH&S management system and to assess conformity. An organization that wishes to demonstrate conformity to this document can do so by:
– making a selfdetermination and selfdeclaration, or
– seeking confirmation of its conformity by parties having an interest in the organization, such as customers, or
– seeking confirmation of its self-declaration by a party external to the organization, or
– seeking certification/registration of its OH&S management system by an external
Clauses 1 to 3 in this document set out the scope, normative references and terms and definitions which apply to the use of this document, while Clauses 4 to 10 contain the requirements to be used to assess conformity to this document. Annex A provides informative explanations to these requirements. The terms and definitions in Clause 3 are arranged in conceptual order, with an alphabetical index provided at the end of this document.
In this document, the following verbal forms are used:
- “shall” indicates a requirement;
- “should” indicates a recommendation;
- “may” indicates a permission;
- “can” indicates a possibility or a capability.
Information marked as “NOTE” is for guidance in understanding or clarifying the associated requirement. “Notes to entry” used in Clause 3 provide additional information that supplements the terminological data and can contain provisions relating to the use of a term.
1. Scope
This document is applicable to any organization that wishes to establish, implement and maintain an OH&S management system to improve occupational health and safety, eliminate hazards and minimize OH&S risks (including system deficiencies), take advantage of OH&S opportunities, and address OH&S management system nonconformities associated with its activities.
This document helps an organization to achieve the intended outcomes of its OH&S management system. Consistent with the organization’s OH&S policy, the intended outcomes of an OH&S management system include:
- continual improvement of OH&S performance;
- fulfillment of legal requirements and other requirements;
- achievement of OH&S
This document is applicable to any organization regardless of its size, type and activities. It is applicable to the OH&S risks under the organization’s control, taking into account factors such as the context in which the organization operates and the needs and expectations of its workers and other interested parties.
This document does not state specific criteria for OH&S performance, nor is it prescriptive about the design of an OH&S management system.
This document enables an organization, through its OH&S management system, to integrate other aspects of health and safety, such as worker wellness/wellbeing.
This document does not address issues such as product safety, property damage or environmental impacts, beyond the risks to workers and other relevant interested parties.
This document can be used in whole or in part to systematically improve occupational health and safety management. However, claims of conformity to this document are not acceptable unless all its requirements are incorporated into an organization’s OH&S management system and fulfilled without exclusion.
2. Normative References
There are no normative references in this document.
3. Terms & Conditions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
- ISO Online browsing platform: available at https://www.iso.org/obp
- IEC Electropedia: available at http://www.electropedia.org/
3.1. Organization
person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives (3.16)
Note 1: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.
Note 2: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.2. Interested party
Interested party (preferred term)
stakeholder (admitted term)
person or organization (3.1) that can affect, be affected by, or perceive itself to be affected by a decision or activity
Note 1: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.3. Worker
person performing work or workrelated activities that are under the control of the organization (3.1)
Note 1 : Persons perform work or work-related activities under various arrangements, paid or unpaid, such as regularly or temporarily, intermittently or seasonally, casually or on a part-time basis.
Note 2: Workers include top management (3.12), managerial and nonmanagerial persons.
Note 3: The work or work-related activities performed under the control of the organization may be performed by workers employed by the organization, workers of external providers, contractors, individuals, agency workers, and by other persons to the extent the organization shares control over their work or work- related activities, according to the context of the organization.
3.4. Participation
involvement in decisionmaking
Note 1: Participation includes engaging health and safety committees and workers’ representatives, where they exist.
3.5. Consultation
seeking views before making a decision
Note 1: Consultation includes engaging health and safety committees and workers’ representatives, where they exist.
3.6. Workplace
place under the control of the organization (3.1) where a person needs to be or to go for work purposes
Note 1: The organization’s responsibilities under the OH&S management system (3.11) for the workplace depend on the degree of control over the workplace.
3.7. Contractor
external organization (3.1) providing services to the organization in accordance with agreed specifications, terms and conditions
Note 1: Services may include construction activities, among others.
3.8. Requirement
need or expectation that is stated, generally implied or obligatory
Note 1: “Generally implied” means that it is custom or common practice for the organization (3.1) and interested parties (3.2) that the need or expectation under consideration is implied.
Note 2: A specified requirement is one that is stated, for example in documented information (3.24).
Note 3: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.9. Legal requirements and other requirements
legal requirements that an organization (3.1) has to comply with and other requirements (3.8) that an organization has to or chooses to comply with
Note 1: For the purposes of this document, legal requirements and other requirements are those relevant to the OH&S management system (3.11).
Note 2: “Legal requirements and other requirements” include the provisions in collective agreements. Note 3: Legal requirements and other requirements include those that determine the persons who are workers’ (3.3) representatives in accordance with laws, regulations, collective agreements and practice.
3.10. Management System
set of interrelated or interacting elements of an organization (3.1) to establish policies (3.14) and objectives (3.16) and processes (3.25) to achieve those objectives
Note 1: A management system can address a single discipline or several disciplines.
Note 2: The system elements include the organization’s structure, roles and responsibilities, planning, operation, performance evaluation and improvement.
Note 3: The scope of a management system may include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.
Note 4: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. Note 2 has been modified to clarify some of the wider elements of a management system.
3.11. Occupational health and safety management system OH&S management system
management system (3.10) or part of a management system used to achieve the OH&S policy (3.15)
Note 1: The intended outcomes of the OH&S management system are to prevent injury and ill health (3.18) to workers (3.3) and to provide safe and healthy workplaces (3.6).
Note 2: The terms “occupational health and safety” (OH&S) and “occupational safety and health” (OSH) have the same meaning.
3.12. Top Management
person or group of people who directs and controls an organization (3.1) at the highest level
Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization, provided ultimate responsibility for the OH&S management system (3.11) is retained.
Note 2: If the scope of the management system (3.10) covers only part of an organization, then top management refers to those who direct and control that part of the organization.
Note 3: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. Note 1 has been modified to clarify the responsibility of top management in relation to an OH&S management system.
3.13. Effectiveness
extent to which planned activities are realized and planned results achieved
Note 1: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.14. Policy
intentions and direction of an organization (3.1), as formally expressed by its top management (3.12)
Note 1: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.15. Occupational health and safety policy OH&S policy
policy (3.14) to prevent workrelated injury and ill health (3.18) to workers (3.3) and to provide a safe and healthy workplaces (3.6)
3.16. Objective
result to be achieved
Note 1: An objective can be strategic, tactical, or operational.
Note 2: Objectives can relate to different disciplines (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process (3.25)).
Note 3: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as an OH&S objective (3.17), or by the use of other words with similar meaning (e.g. aim, goal, or target).
Note 4: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. The original “Note 4 to entry” has been deleted as the term “OH&S objective” has been defined separately in 3.17.
3.17. Occupational health and safety objective OH&S objective
objective (3.16) set by the organization (3.1) to achieve specific results consistent with the OH&S policy (3.15)
3.18. Injury and ill health
adverse effect on the physical, mental or cognitive condition of a person
Note 1: These adverse effects include occupational disease, illness and death.
Note 2: The term “injury and ill health” implies the presence of injury or ill health, either on their own or in combination.
3.19. Hazard
source with a potential to cause injury and ill health (3.18)
Note 1: Hazards can include sources with the potential to cause harm or hazardous situations, or circumstances with the potential for exposure leading to injury and ill health.
3.20. Risk
effect of uncertainty
Note 1: An effect is a deviation from the expected — positive or negative.
Note 2: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
Note 3: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73:2009, 3.5.1.3) and “consequences” (as defined in ISO Guide 73:2009, 3.6.1.3), or a combination of these.
Note 4: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated “likelihood” (as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.
Note 5: In this document, where the term “risks and opportunities” is used this means OH&S risks (3.21), OH&S opportunities (3.22) and other risks and other opportunities to the management system.
Note 6: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. Note 5 to entry has been added to clarify the term “risks and opportunities” for its use within this document.
3.21. Occupational health and safety risk OH&S risk
combination of the likelihood of occurrence of a workrelated hazardous event or exposure(s) and the severity of injury and ill health (3.18) that can be caused by the event or exposure(s)
3.22. Occupational health and safety opportunity OH&S opportunity
circumstance or set of circumstances that can lead to improvement of OH&S performance (3.28)
3.23. Competence
ability to apply knowledge and skills to achieve intended results
Note 1: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.24. Documented information
information required to be controlled and maintained by an organization (3.1) and the medium on which it is contained
Note 1: Documented information can be in any format and media, and from any source. Note 2: Documented information can refer to:
a) the management system (10), including related processes (3.25);
b) information created in order for the organization to operate (documentation);
c) evidence of results achieved (records).
Note 3: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.25. Process
set of interrelated or interacting activities which transforms inputs into outputs
Note 1: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.26. Procedure
specified way to carry out an activity or a process (3.25)
Note 1: Procedures may be documented or not.
[SOURCE: ISO 9000:2015, 3.4.5, modified — Note 1 has been modified.]
3.27. Performance
measurable result
Note 1: Performance can relate either to quantitative or qualitative findings. Results can be determined and evaluated by qualitative or quantitative methods.
Note 2: Performance can relate to the management of activities, processes (3.25), products (including services), systems or organizations (3.1).
Note 3: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. Note 1 has been modified to clarify the types of methods that may be used for determining and evaluating results.
3.28. Occupational health and safety performance OH&S performance
performance (3.27) related to the effectiveness (3.13) of the prevention of injury and ill health (3.18) to workers (3.3) and the provision of safe and healthy workplaces (3.6)
3.29. Outsource
Outsource, verb
make an arrangement where an external organization (3.1) performs part of an organization’s function or process (3.25)
Note 1: An external organization is outside the scope of the management system (3.10), although the outsourced function or process is within the scope.
Note 2: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.30. Monitoring
determining the status of a system, a process (3.25) or an activity
Note 1: To determine the status, there may be a need to check, supervise or critically observe.
Note 2: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.31. Measurement
process (3.25) to determine a value
Note 1: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.32. Audit
systematic, independent and documented process (3.25) for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled
Note 1: An audit can be an internal audit (first party) or an external audit (second party or third party), and it can be a combined audit (combining two or more disciplines).
Note 2: An internal audit is conducted by the organization (3.1) itself, or by an external party on its behalf. Note 3: “Audit evidence” and “audit criteria” are defined in ISO 19011.
Note 4 to entry: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.33. Conformity
fulfilment of a requirement (3.8)
Note 1: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1.
3.34. Nonconformity
non-fulfilment of a requirement (3.8)
Note 1: Nonconformity relates to requirements in this document and additional OH&S management system (3.11) requirements that an organization (3.1) establishes for itself.
Note 2: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. Note 1 has been added to clarify the relationship of nonconformities to the requirements of this document and to the organization’s own requirements for its OH&S management system.
3.35. Incident
occurrence arising out of, or in the course of, work that could or does result in injury and ill health (3.18)
Note 1: An incident where injury and ill health occurs is sometimes referred to as an “accident”.
Note 2: An incident where no injury and ill health occurs but has the potential to do so may be referred to as a “nearmiss”, “nearhit” or “close call”.
Note 3: Although there can be one or more nonconformities (3.34) related to an incident, an incident can also occur where there is no nonconformity.
3.36. Corrective action
action to eliminate the cause(s) of a nonconformity (3.34) or an incident (3.35) and to prevent recurrence
Note 1: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. The term has been modified to include reference to “incident”, as incidents are a key factor in occupational health and safety, yet the activities needed for resolving them are the same as for nonconformities, through corrective action.
3.37. Continual improvement
recurring activity to enhance performance (3.27)
Note 1: Enhancing performance relates to the use of the OH&S management system (3.11) in order to achieve improvement in overall OH&S performance (3.28) consistent with the OH&S policy (3.15) and OH&S objectives (3.17).
Note 2: Continual does not mean continuous, so the activity does not need to take place in all areas simultaneously.
Note 3: This constitutes one of the common terms and core definitions for ISO management system standards given in Annex SL of the Consolidated ISO Supplement to the ISO/IEC Directives, Part 1. Notes 1 and 2 to entry have been added: Note 1 to clarify the meaning of “performance” in the context of an OH&S management system; and Note 2 to clarify the meaning of “continual”.
4. Context of the organization
4.1 Understanding the organization and its context
The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its OH&S management system.
4.2 Understanding the needs and expectations of workers and other interested parties
The organization shall determine:
- the other interested parties, in addition to workers, that are relevant to the OH&S management system;
- the relevant needs and expectations (i.e. requirements) of workers and other interested parties;
- which of these needs and expectations are or could become legal requirements and other
4.3 Determining the scope of the OH&S management system
The organization shall determine the boundaries and applicability of the OH&S management system to establish its scope.
When determining this scope, the organization shall:
- consider the external and internal issues referred to in 4.1;
- take into account the requirements referred to in 4.2;
- take into account the planned or performed workrelated
The OH&S management system shall include the activities, products and services within the organization’s control or influence that can impact the organization’s OH&S performance.
The scope shall be available as documented information.
4.4 OH&S management system
The organization shall establish, implement, maintain and continually improve an OH&S management system, including the processes needed and their interactions, in accordance with the requirements of this document.
5. Leadership and worker participation
5.1. Leadership and commitment
Top management shall demonstrate leadership and commitment with respect to the OH&S management system by:
- taking overall responsibility and accountability for the prevention of work-related injury and ill health as well as the provision of safe and healthy workplaces and activities;
- ensuring that the OH&S policy and related OH&S objectives are established and are compatible with the strategic direction of the organization;
- ensuring the integration of the OH&S management system requirements into the organization’s business processes;
- ensuring that the resources needed to establish, implement, maintain and improve the OH&S management system are available;
- communicating the importance of effective OH&S management and of conforming to the OH&S management system requirements;
- ensuring that the OH&S management system achieves its intended outcome(s);
- directing and supporting persons to contribute to the effectiveness of the OH&S management system;
- ensuring and promoting continual improvement;
- supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility;
- developing, leading and promoting a culture in the organization that supports the intended outcomes of the OH&S management system;
- protecting workers from reprisals when reporting incidents, hazards, risks and opportunities;
- ensuring the organization establishes and implements a process(es) for consultation and participation of workers (see 4);
- supporting the establishment and functioning of health and safety committees, [see 4 e) 1)].
NOTE: Reference to “business” in this document can be interpreted broadly to mean those activities that are core to the purposes of the organization’s existence.
5.2. OH&S policy
Top management shall establish, implement and maintain an OH&S policy that:
- includes a commitment to provide safe and healthy working conditions for the prevention of work- related injury and ill health and is appropriate to the purpose, size and context of the organization and to the specific nature of its OH&S risks and OH&S opportunities;
- provides a framework for setting the OH&S objectives;
- includes a commitment to fulfil legal requirements and other requirements;
- includes a commitment to eliminate hazards and reduce OH&S risks (see 1.2);
- includes a commitment to continual improvement of the OH&S management system;
- includes a commitment to consultation and participation of workers, and, where they exist, workers’ representatives.
The OH&S policy shall:
- be available as documented information;
- be communicated within the organization;
- be available to interested parties, as appropriate;
- be relevant and
5.3. Organizational roles, responsibilities and authorities
Top management shall ensure that the responsibilities and authorities for relevant roles within the OH&S management system are assigned and communicated at all levels within the organization and maintained as documented information. Workers at each level of the organization shall assume responsibility for those aspects of OH&S management system over which they have control.
NOTE: While responsibility and authority can be assigned, ultimately top management is still accountable for the functioning of the OH&S management system.
Top management shall assign the responsibility and authority for:
- ensuring that the OH&S management system conforms to the requirements of this document;
- reporting on the performance of the OH&S management system to top management.
5.4. Consultation and participation of workers
The organization shall establish, implement and maintain a process(es) for consultation and participation of workers at all applicable levels and functions, and, where they exist, workers’ representatives, in the development, planning, implementation, performance evaluation and actions for improvement of the OH&S management system.
The organization shall:
a. provide mechanisms, time, training and resources necessary for consultation and participation;
NOTE 1: Worker representation can be a mechanism for consultation and participation.
b. provide timely access to clear, understandable and relevant information about the OH&S management system;
c. determine and remove obstacles or barriers to participation and minimize those that cannot be removed;
NOTE 2: Obstacles and barriers can include failure to respond to worker inputs or suggestions, language or literacy barriers, reprisals or threats of reprisals and policies or practices that discourage or penalize worker participation.
d. emphasize the consultation of nonmanagerial workers on the following:
1) determining the needs and expectations of interested parties (see 4.2);
2) establishing the OH&S policy (see 5.2);
3) assigning organizational roles, responsibilities and authorities as applicable (see 5.3);
4) determining how to fulfil legal requirements and other requirements (see 6.1.3);
5) establishing OH&S objectives and planning to achieve them (see 6.2);
6) determining applicable controls for outsourcing, procurement and contractors (see 8.1.4);
7) determining what needs to be monitored, measured and evaluated (see 9.1);
8) planning, establishing, implementing and maintaining an audit programme(s) (see 9.2.2);
9) ensuring continual improvement (see 10.3);
e) emphasize the participation of nonmanagerial workers in the following:
1) determining the mechanisms for their consultation and participation;
2) identifying hazards and assessing risks and opportunities (see 6.1.1, and 6.1.2);
3) determining actions to eliminate hazards and reduce OH&S risks (see 6.1.4);
4) determining competence requirements, training needs, training and evaluating training (see 7. 2);
5) determining what needs to be communicated and how this will be done (see 7.4);
6) determining control measures and their effective implementation and use (see 8.1, 8.1.3, and 8.2);
7) investigating incidents and nonconformities and determining corrective actions (see 10.2).
NOTE 3: Emphasizing the consultation and participation of non-managerial workers is intended to apply to persons carrying out the work activities, but is not intended to exclude, for example, managers who are impacted by work activities or other factors in the organization.
NOTE 4: It is recognized that the provision of training at no cost to workers and the provision of training during working hours, where possible, can remove significant barriers to worker participation.
6. Planning
6.1 Actions to address risks and opportunities
6.1.1 General
When planning for the OH&S management system, the organization shall consider the issues referred to in 4.1 (context), the requirements referred to in 4.2 (interested parties) and 4.3 (the scope of its OH&S management system) and determine the risks and opportunities that need to be addressed to:
- give assurance that the OH&S management system can achieve its intended outcome(s);
- prevent, or reduce, undesired effects;
- achieve continual
When determining the risks and opportunities to the OH&S management system and its intended outcomes that need to be addressed, the organization shall take into account:
- hazards (see 1.2.1);
- OH&S risks and other risks (see 1.2.2);
- OH&S opportunities and other opportunities (see 1.2.3);
- legal requirements and other requirements (see 1.3).
The organization, in its planning process(es), shall determine and assess the risks and opportunities that are relevant to the intended outcomes of the OH&S management system associated with changes in the organization, its processes or the OH&S management system. In the case of planned changes, permanent or temporary, this assessment shall be undertaken before the change is implemented (see 8.1.3).
The organization shall maintain documented information on:
- risks and opportunities;
- the process(es) and actions needed to determine and address its risks and opportunities (see 6.1.2 to 6.1.4) to the extent necessary to have confidence that they are carried out as planned.
6.1.2 Hazard identification and assessment of risks and opportunities
6.1.2.1 Hazard identification
The organization shall establish, implement and maintain a process(es) for hazard identification that is ongoing and proactive. The process(es) shall take into account but not be limited to:
a. how work is organized, social factors (including workload, work hours, victimization, harassment and bullying), leadership and the culture in the organization;
b. routine and nonroutine activities and situations, including hazards arising from:
- infrastructure, equipment, materials, substances and the physical conditions of the workplace;
- product and service design, research, development, testing, production, assembly, construction, service delivery, maintenance and disposal;
- human factors;
- how the work is performed;
c. past relevant incidents, internal or external to the organization, including emergencies, and their causes;
d. potential emergency situations;
e. people, including consideration of:
- those with access to the workplace and their activities, including workers, contractors, visitors and other persons;
- those in the vicinity of the workplace who can be affected by the activities of the organization;
- workers at a location not under the direct control of the organization;
f. other issues, including consideration of:
- the design of work areas, processes, installations, machinery/equipment, operating procedures and work organization, including their adaptation to the needs and capabilities of the workers involved;
- situations occurring in the vicinity of the workplace caused by work-related activities under the control of the organization;
- situations not controlled by the organization and occurring in the vicinity of the workplace that can cause injury and ill health to persons in the workplace;
g. actual or proposed changes in organization, operations, processes, activities and OH&S management system (see 8.1.3);
h. changes in knowledge of, and information about, hazards.
6.1.2.2. Assessment of OH&S risks and other risks to the OH&S management system
The organization shall establish, implement and maintain a process(es) to:
a. assess OH&S risks from the identified hazards, while taking into account the effectiveness of existing controls;
b. determine and assess the other risks related to the establishment, implementation, operation and maintenance of the OH&S management system.
The organization’s methodology(ies) and criteria for the assessment of OH&S risks shall be defined with respect to their scope, nature and timing to ensure they are proactive rather than reactive and are used in a systematic way. Documented information shall be maintained and retained on the methodology(ies) and criteria.
6.1.2.3. Assessment of OH&S opportunities and other opportunities to the OH&S management system
The organization shall establish, implement and maintain a process(es) to assess:
a. OH&S opportunities to enhance OH&S performance, while taking into account planned changes to the organization, its policies, processes or its activities and:
1. opportunities to adapt work, work organization and work environment to workers;
2. opportunities to eliminate hazards and reduce OH&S risks;
b. other opportunities for improving the OH&S management
NOTE: OH&S risks and OH&S opportunities can result in other risks and other opportunities to the organization.
6.1.3. Determination of legal requirements and other requirements
The organization shall establish, implement and maintain a process(es) to:
a. determine and have access to uptodate legal requirements and other requirements that are applicable to its hazards, OH&S risks and OH&S management system;
b. determine how these legal requirements and other requirements apply to the organization and what needs to be communicated;
c. take these legal requirements and other requirements into account when establishing, implementing, maintaining and continually improving its OH&S management system.
The organization shall maintain and retain documented information on its legal requirements and other requirements and shall ensure that it is updated to reflect any changes.
NOTE: Legal requirements and other requirements can result in risks and opportunities to the organization.
6.1.4. Planning action
The organization shall plan:
a. actions to:
1. address these risks and opportunities (see 1.2.2 and 6.1.2.3);
2. address legal requirements and other requirements (see 1.3);
3. prepare for and respond to emergency situations (see 8.2);
b. how to:
1. integrate and implement the actions into its OH&S management system processes or other business processes;
2. evaluate the effectiveness of these actions;
The organization shall take into account the hierarchy of controls (see 8.1.2) and outputs from the OH&S management system when planning to take action.
When planning its actions, the organization shall consider best practices, technological options, and financial, operational and business requirements.
6.2. OH&S objectives and planning to achieve them
6.2.1. OH&S objectives
The organization shall establish OH&S objectives at relevant functions and levels in order to maintain and continually improve the OH&S management system and OH&S performance (see 10.3): The OH&S objectives shall:
a. be consistent with the OH&S policy;
b. be measurable (if practicable) or capable of performance evaluation;
c. take into account:
1. applicable requirements;
2. the results of the assessment of risks and opportunities (see 1.2.2 and 6.1.2.3);
3. the results of consultation with workers (see 4), and, where they exist, workers’ representatives;
d. be monitored;
e. be communicated;
f. be updated as appropriate.
6.2.2. Planning to achieve OH&S objectives
When planning how to achieve its OH&S objectives, the organization shall determine:
- what will be done;
- what resources will be required;
- who will be responsible;
- when it will be completed;
- how the results will be evaluated, including indicators for monitoring;
- how the actions to achieve OH&S objectives will be integrated into the organization’s business;
The organization shall maintain and retain documented information on the OH&S objectives and plans to achieve them.
7. Support
7.1. Resources
The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the OH&S management system.
7.2. Competence
The organization shall:
- determine the necessary competence of workers that affects or can affect its OH&S performance;
- ensure that workers are competent (including the ability to identify hazards) on the basis of appropriate education, training or experience;
- where applicable, take actions to acquire and maintain the necessary competence, and evaluate the effectiveness of the actions taken;
- retain appropriate documented information as evidence of competence.
NOTE: Applicable actions can include, for example, the provision of training to, the mentoring of, or the re-assignment of currently employed persons, or the hiring or contracting of competent persons.
7.3. Awareness
Workers shall be made aware of:
- the OH&S policy and OH&S objectives;
- their contribution to the effectiveness of the OH&S management system, including the benefits of improved OH&S performance;
- the implications and potential consequences of not conforming to the OH&S management system requirements;
- incidents and the outcomes of investigations that are relevant to them;
- hazards, OH&S risks and actions determined that are relevant to them;
- the ability to remove themselves from work situations that they consider present an imminent and serious danger to their life or health, as well as the arrangements for protecting them from undue consequences for doing so.
7.4. Communication
7.4.1. General
The organization shall establish, implement and maintain the process(es) needed for the internal and external communications relevant to the OH&S management system, including determining:
a. on what it will communicate;
b. when to communicate;
c. with whom to communicate:
- internally among the various levels and functions of the organization;
- among contractors and visitors to the workplace;
- among other interested parties;
e. how to communicate.
d. the organization shall take into account diversity aspects (e.g. gender, language, culture, literacy, disability) when considering its communication process(es).
The organization shall ensure that the views of external interested parties are considered in establishing its communication process(es).
When establishing its communication process(es), the organization shall:
- take into account its legal requirements and other requirements;
- ensure that OH&S information to be communicated is consistent with information generated within the OH&S management system, and is reliable.
The organization shall respond to relevant communications on its OH&S management system.
The organization shall retain documented information as evidence of its communications, as appropriate.
7.4.2 Internal communication
The organization shall:
- internally communicate information relevant to the OH&S management system among the various levels and functions of the organization, including changes to the OH&S management system, as appropriate;
- ensure its communication process(es) enables workers to contribute to continual improvement.
7.4.3 External communication
The organization shall externally communicate information relevant to the OH&S management system, as established by the organization’s communication process(es) and taking into account its legal requirements and other requirements.
7.5 Documented information
7.5.1 General
The organization’s OH&S management system shall include:
- documented information required by this document;
- documented information determined by the organization as being necessary for the effectiveness of the OH&S management system;
NOTE: The extent of documented information for an OH&S management system can differ from one organization to another due to:
- the size of organization and its type of activities, processes, products and services;
- the need to demonstrate fulfilment of legal requirements and other requirements;
- the complexity of processes and their interactions;
- the competence of workers.
7.5.2. Creating and updating
When creating and updating documented information the organization shall ensure appropriate:
- identification and description (e.g. a title, date, author or reference number);
- format (e.g. language, software version, graphics) and media (e.g. paper, electronic);
- review and approval for suitability and adequacy.
7.5.3 Control of documented information
Documented information required by the OH&S management system and by this document shall be controlled to ensure:
- it is available and suitable for use, where and when it is needed;
- it is adequately protected (e.g. from loss of confidentiality, improper use or loss of integrity).
For the control of documented information, the organization shall address the following activities, as applicable:
- distribution, access, retrieval and use;
- storage and preservation, including preservation of legibility;
- control of changes (e.g. version control);
- retention and disposition.
Documented information of external origin determined by the organization to be necessary for the planning and operation of the OH&S management system shall be identified, as appropriate, and controlled.
NOTE 1: Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.
NOTE 2: Access to relevant documented information includes access by workers, and, where they exist, workers’ representatives.
8. Operation
8.1. Operational planning and control
8.1.1. General
The organization shall plan, implement, control and maintain the processes needed to meet requirements of the OH&S management system, and to implement the actions determined in Clause 6, by:
- establishing criteria for the processes;
- implementing control of the processes in accordance with the criteria;
- maintaining and retaining documented information to the extent necessary to have confidence that the processes have been carried out as planned;
- adapting work to to workers.
At multi-employer workplaces, the organization shall coordinate the relevant parts of the OH&S management system with the other organizations.
8.1.2. Eliminating hazards and reducing OH&S risks
The organization shall establish, implement and maintain a process(es) for the elimination of hazards and reduction of OH&S risks using the following “hierarchy of control”:
- eliminate the hazard;
- substitute with less hazardous processes, operations, materials or equipment;
- use engineering controls and reorganization of work;
- use administrative controls, including training;
- use adequate personal protective equipment.
NOTE: In many countries, legal requirements and other requirements include the requirement that personal protective equipment (PPE) is provided at no cost to workers.
8.1.3. Management of change
The organization shall establish a process(es) for the implementation and control of planned temporary and permanent changes that impact OH&S performance, including:
- new products, services and processes, or changes to existing products, services and processes, including:
- workplace locations and surroundings;
- work organization;
- working conditions;
- equipment;
- work force;
- changes to legal requirements and other requirements;
- changes in knowledge or information about hazards and OH&S risks;
- developments in knowledge and technology.
The organization shall review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.
NOTE: Changes can result in risks and opportunities.
8.1.4. Procurement
8.1.4.1. General
The organization shall establish, implement and maintain a process(es) to control the procurement of products and services in order to ensure their conformity to its OH&S management system.
8.1.4.2. Contractors
The organization shall coordinate its procurement process(es) with its contractors, to identify hazards and to assess and control the OH&S risks, arising from the:
- contractors’ activities and operations that impact the organization;
- organization’s activities and operations that impact the contractors’ workers;
- contractors’ activities and operations that impact other interested parties in the
The organization shall ensure that the requirements of its OH&S management system are met by contractors and their workers. The organization’s procurement process(es) shall define and apply occupational health and safety criteria for the selection of contractors.
NOTE: It can be helpful to include the occupational health and safety criteria for the selection of contractors in the contractual documents.
8.1.4.3. Outsourcing
The organization shall ensure that outsourced functions and processes are controlled. The organization shall ensure that its outsourcing arrangements are consistent with legal requirements and other requirements and with achieving the intended outcomes of the OH&S management system. The type and degree of control to be applied to these functions and processes shall be defined within the OH&S management system.
NOTE: Coordination with external providers can assist an organization to address any impact outsourcing has on its OH&S performance.
8.2 Emergency preparedness and response
The organization shall establish, implement and maintain a process(es) needed to prepare for and respond to potential emergency situations, as identified in 6.1.2.1, including:
- establishing a planned response to emergency situations, including the provision of first aid;
- providing training for the planned response;
- periodically testing and exercising the planned response capability;
- evaluating performance and, as necessary, revising the planned response, including after testing and in particular after the occurrence of emergency situations;
- communicating and providing relevant information to all workers on their duties and responsibilities;
- communicating relevant information to contractors, visitors, emergency response services, government authorities and, as appropriate, the local community;
- taking into account the needs and capabilities of all relevant interested parties and ensuring their involvement, as appropriate, in the development of the planned response.
The organization shall maintain and retain documented information on the process(es) and on the plans for responding to potential emergency situations.
9. Performance evaluation
9.1. Monitoring, measurement, analysis and performance evaluation
9.1.1. General
The organization shall establish, implement and maintain a process(es) for monitoring, measurement, analysis and performance evaluation.
The organization shall determine:
a. what needs to be monitored and measured, including:
- the extent to which legal requirements and other requirements are fulfilled;
- its activities and operations related to identified hazards, risks and opportunities;
- progress towards achievement of the organization’s OH&S objectives;
- effectiveness of operational and other controls;
b. the methods for monitoring, measurement, analysis and performance evaluation, as applicable, to ensure valid results;
c. the criteria against which the organization will evaluate its OH&S performance;
d. when the monitoring and measuring shall be performed;
e. when the results from monitoring and measurement shall be analysed, evaluated and communicated.
The organization shall evaluate the OH&S performance, and determine the effectiveness of the OH&S management system.
The organization shall ensure that monitoring and measuring equipment is calibrated or verified as applicable, and is used and maintained as appropriate.
NOTE: There can be legal requirements or other requirements (e.g. national or international standards) concerning the calibration or verification of monitoring and measuring equipment.
The organization shall retain appropriate documented information:
- as evidence of the results of monitoring, measurement, analysis and performance evaluation;
- on the maintenance, calibration or verification of measuring equipment.
9.1.2. Evaluation of compliance
The organization shall establish, implement and maintain a process(es) for evaluating compliance with legal requirements and other requirements (see 6.1.3).
The organization shall:
- determine the frequency and method(s) for the evaluation of compliance;
- evaluate compliance and take action if needed (see 10.2);
- maintain knowledge and understanding of its compliance status with legal requirements and other requirements;
- retain documented information of the compliance evaluation result(s).
9.2. Internal audit
9.2.1. General
The organization shall conduct internal audits at planned intervals to provide information on whether the OH&S management system:
a. conforms to:
- the organization’s own requirements for its OH&S management system, including the OH&S policy and OH&S objectives;
- the requirements of this document;
b. is effectively implemented and maintained.
9.2.2. Internal audit programme
The organization, shall:
- plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, consultation, planning requirements and reporting, which shall take into consideration the importance of the processes concerned and the results of previous audits;
- define the audit criteria and scope for each audit;
- select auditors and conduct audits to ensure objectivity and the impartiality of the audit process;
- ensure that the results of the audits are reported to relevant managers; ensure that relevant audit results are reported to workers, and, where they exist, workers’ representatives, and other relevant interested parties;
- take action to address nonconformities and continually improve its OH&S performance (see Clause 10);
- retain documented information as evidence of the implementation of the audit programme and the audit
NOTE: For more information on auditing and the competence of auditors, see ISO 19011.
9.3. Management review
Top management shall review the organization’s OH&S management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness.
The management review shall include consideration of:
a. the status of actions from previous management reviews;
b. changes in external and internal issues that are relevant to the OH&S management system including:
- the needs and expectations of interested parties;
- legal requirements and other requirements;
- risks and opportunities;
c. the extent to which the OH&S policy and the OH&S objectives have been met;
d. information on the OH&S performance, including trends in:
- incidents, nonconformities, corrective actions and continual improvement;
- monitoring and measurement results;
- results of evaluation of compliance with legal requirements and other requirements;
- audit results;
- consultation and participation of workers;
- risks and opportunities;
e. adequacy of resources for maintaining an effective OH&S management system;
f. relevant communication(s) with interested parties;
g. opportunities for continual improvement.
The outputs of the management review shall include decisions related to:
- continuing suitability, adequacy and effectiveness of the OH&S management system in achieving its intended outcomes;
- continual improvement opportunities;
- any need for changes to the OH&S management system;
- resources needed;
- actions if needed;
- opportunities to improve integration of the OH&S management system with other business processes;
- any implications for the strategic direction of the organization.
Top management shall communicate the relevant outputs of management reviews to workers, and, where they exist, workers’ representatives (see 7.4).
The organization shall retain documented information as evidence of the results of management reviews.
10. Improvement
10.1 General
The organization shall determine opportunities for improvement (see Clause 9) and implement necessary actions to achieve the intended outcomes of its OH&S management system.
10.2 Incident, nonconformity and corrective action
The organization shall establish, implement and maintain a process(es), including reporting, investigating and taking action, to determine and manage incidents and nonconformities.
When an incident or a nonconformity occurs, the organization shall:
a. react in a timely manner to the incident or nonconformity and, as applicable:
- take action to control and correct it;
- deal with the consequences;
b. evaluate, with the participation of workers (see 5.4) and the involvement of other relevant interested parties, the need for corrective action to eliminate the root cause(s) of the incident or nonconformity, in order that it does not recur or occur elsewhere, by:
- investigating the incident or reviewing the nonconformity;
- determining the cause(s) of the incident or nonconformity;
- determining if similar incidents have occurred, nonconformities exist, or if they could potentially occur;
c. review existing assessments of OH&S risks and other risks, as appropriate (see 6.1);
d. determine and implement any action needed, including corrective action, in accordance with the hierarchy of controls (see 8.1.2) and the management of change (see 8.1.3);
e. assess OH&S risks that relate to new or changed hazards, prior to taking action;
f. review the effectiveness of any action taken, including corrective action;
g. make changes to the OH&S management system, if necessary.
Corrective actions shall be appropriate to the effects or potential effects of the incidents or nonconformities encountered.
The organization shall retain documented information as evidence of:
- the nature of the incidents or nonconformities and any subsequent actions taken;
- the results of any action and corrective action, including their
The organization shall communicate this documented information to relevant workers, and, where they exist, workers’ representatives, and other relevant interested parties.
NOTE : The reporting and investigation of incidents without undue delay can enable hazards to be eliminated and associated OH&S risks to be minimized as soon as possible.
10.3 Continual improvement
The organization shall continually improve the suitability, adequacy and effectiveness of the OH&S management system, by:
- enhancing OH&S performance;
- promoting a culture that supports an OH&S management system;
- promoting the participation of workers in implementing actions for the continual improvement of the OH&S management system;
- communicating the relevant results of continual improvement to workers, and, where they exist, workers’ representatives;
- maintaining and retaining documented information as evidence of continual improvement.
Bibliography
- ISO 9000:2015, Quality management systems — Fundamentals and vocabulary
- ISO 9001, Quality management systems — Requirements
- ISO 14001, Environmental management systems — Requirements with guidance for use
- ISO 19011, Guidelines for auditing management systems
- ISO 20400, Sustainable procurement — Guidance
- ISO 26000, Guidance on social responsibility
- ISO 31000, Risk management — Principles and guidelines
- ISO 37500, Guidance on outsourcing
- ISO 39001, Road traffic safety (RTS) management systems — Requirements with guidance for use
- ISO Guide 73:2009, Risk management — Vocabulary
- IEC 31010, Risk management — Risk assessment techniques
- ILO. Guidelines on occupational safety and health management systems, ILO-OSH 2001. 2nd ed. International Labour Office, Geneva, 2009. Available at: http://w w w.ilo.org/safework/ info/standardsandinstruments/WCMS_107727/langen/index.htm
- ILO. International Labour Standards (including those on occupational safety and health). International Labour Office, Geneva. Available at: http://w w w.ilo.org/normlex (click on “instruments”, then “Conventions and Recommendations by subject”)
- OHSAS 18001. Occupational health and safety management systems — Requirements. 2nd ed.
- OHSAS Project Group, London, July 2007, ISBN 978 0 580 50802 8
- OHSAS 18002. Occupational health and safety management systems — Guidelines for the implementation of OHSAS 18001:2007. 2nd ed. OHSAS Project Group, London, Nov 2008, ISBN 978 0 580 61674 7
Alphabetical index of terms
audit 3.32
competence 3.23
conformity 3.33
consultation 3.5
continual improvement 3.37
contractor 3.7
corrective action 3.36
documented information 3.24
effectiveness 3.13
hazard 3.19
incident 3.35
injury and ill health 3.18
interested party 3.2
legal requirements and other requirements 3.9
management system 3.10
measurement 3.31
monitoring 3.30
nonconformity 3.34
objective 3.16
occupational health and safety (OH&S) management system 3.11
occupational health and safety (OH&S) objective 3.17
occupational health and safety (OH&S) opportunity 3.22
occupational health and safety (OH&S) performance 3.28
occupational health and safety (OH&S) policy 3.15
occupational health and safety (OH&S) risk 3.21
organization 3.1
outsource, verb 3.29
participation 3.4
performance 3.27
policy 3.14
procedure 3.26
process 3.25
requirement 3.8
risk 3.20
top management 3.12
worker 3.3
workplace 3.6
good material and should be completed by diagram and picture