ISO 45001: information on the ISO standard for occupational health and safety at work
As early as March 2013, the British Standards Institution (BSI) submitted a proposal to the International Organization for Standardization (ISO) to develop an international standard for the requirements of occupational safety and health management systems. Almost five years later, the final result was presented in the form of the ISO 45001 standard, which is now gradually replacing the BS OHSAS 18001 standard, the most widely used standard worldwide to date.
What is behind the ISO 45001 standard?
Accidents at work and occupational illnesses are a serious problem both for employers and for the economy as a whole: losses from early retirement schemes, absenteeism, and rising insurance premiums cause trouble year after year. In order to counteract this problem, a team of experts for health protection and occupational safety developed the standard ISO 45001. The standard firstly combines the areas of occupational health and safety and occupational health management and is based – particularly with regard to the concepts involved – on other general management system approaches such as ISO 9001 (quality management) and ISO 14001 (environmental management). The basis for ISO 45001 included the OHSAS 18001 standard, the ILO-OSH guideline of the International Labour Organization, and various other national and international labour standards and conventions.
The final version of ISO 45001 was released on March 12, 2018 after a five-year development process. The International Accreditation Forum (IAF) has set a transitional period of three years for the transition to the new international standard. During this period, companies can replace current certificates after successful ISO 45001 certification. Information on how to migrate to ISO 45001 can be found on the ISO website.
The ISO 45001 certification is not mandatory in the UK. Each organisation needs to decide itself whether it makes sense depending on its specific situation and aims. As a result, not only will there be considerably fewer legal controls: Your own image is also strengthened – with employees, customers, and suppliers. Proper implementation, rewarded with a certificate, also helps reduce operational costs for incidents, business interruptions, insurance premiums, etc., as well as absenteeism, unscheduled downtime, and employee turnover.
From proposal to standard: the development steps of ISO 45001
The proposal to develop an international standard for occupational health and safety was already accepted by the International Organization for Standardization in March 2013. The idea came from the British Standards Institution (BSI), which developed the current BS OHSAS 18001 standard and recommended it as the basis for the new occupational health and safety standard. In July 2013, the majority of ISO members voted in favour of the proposal by the British Standards Institution, thereby giving the go-ahead for the development of the new standard. The further development of the ISO 45001 standard was as follows:
| October 2013 | The project committee ISO/PC 283, which was founded for the development of the standard, and consists of 71 participating and 19 observing members, comes up with a first working draft. Among other things, the name “ISO 45001” is decided upon and the high-level structure (HLS) is defined as the framework for the development of standards. |
|---|---|
| July 2014 | The work group forwards a first committee draft to the national standards organisations. |
| February 2015 | The work group publishes a second, revised committee draft, which in turn is examined by the national standards organisations. |
| November 2015 | After consensus was reached on the second committee draft, ISO/PC 283 publishes the first draft international standard. |
| June 2016 | Since 28% of the national standards committees reject the first draft standard, the international session of the ISO 45001 work group in Toronto decides to revise it. |
| July 2017 | The revised draft international standard is released for discussion. |
| September 2017 | At a meeting in Malaysia, the last open points of contention in the second draft standard are discussed and got rid of. A clear majority then votes in favour of adopting the draft. |
| November 2017 | The committee publishes the final draft international standard. |
| January 2018 | The final draft was confirmed with 93% of the votes. |
| March 2018 | On 12th March 2018, the new standard for occupational safety is published. “ISO 45001:2018” is the full name. |
The contents of the ISO 45001 standard at a glance
ISO 45001 provides valuable information on the requirements of a health and safety management system. To this end, the standard describes the important elements and also provides systematic guidance to help organisations and businesses of all sizes and types provide safe workplaces, whether they are a non-profit organisation, a ministry, a micro enterprise, or a global conglomerate.
As a result of the high-level structure, which is basically a standardised process description for ISO standards, ISO 45001 contains a lot of content that has great similarities to the standards ISO 9001 (quality management) and ISO 14001 (environmental management) that have already been mentioned. These include, for example, explanations of the context of the organisation or company, which not only consider the impact of health and safety aspects on their own operations, but also take into account external interest groups such as suppliers and authorities.
Another central content point of the high-level structure is the responsibility of the highest hierarchical level. According to the standard, management must be increasingly involved in matters relating to occupational health and safety.
A central element of the high-level structure and many ISO content points for occupational safety is the PDCA cycle, also known as the Deming Cycle. This describes the four-stage control loop of the continuous improvement process, where PDCA stands for the four steps “Plan,” “Do,” “Check,” and “Act.” In this management cycle, changes and measures must first be planned and introduced, then analysed, and optimised or maintained. Then the PDCA cycle starts again from the beginning.
The following table summarises the most important topics of the ISO 45001 standard:
| Context of the organization (Chapter 4) | The context of companies or organisations depends on various factors such as size, industry, or structure, and changes continuously (customer requirements, material changes, etc.). However, like the expectations and requirements of employees, all interested parties must be familiar with it at all times so that a suitable management system can be planned and established. |
|---|---|
| Management and participation of employees(Chapter 5) | Management must play and demonstrate a leading role in the realisation, implementation, and continuous improvement of the safety management policy. For ISO 45001 conformity, roles, responsibilities, and authorities for this management must also be specified. |
| Planning(Chapter 6) | Chapter 6 of the new ISO standard for occupational health and safety deals with the planning obligations: On the one hand, it deals with the concrete formulation of the safety objectives, including the planning of how these can be achieved (e.g. eliminating hazards, procuring protective equipment, etc.). On the other hand, companies should also define measures for dealing with opportunities and risks. |
| Support (Chapter 7) | ISO 45001 describes the requirements for tangible and intangible resources for implementing these measures. These include, for example, competence, communication, awareness (objectives and opportunities must be clear to all parties), and documentation (evidence of the effectiveness the safety structures). |
| Operation (Chapter 8) | The “operation” chapter deals with operational planning and ensuring safety structures. The aim here is to create the basis for the safe use of work equipment, systems, materials, etc. and to communicate requirements for use as well as protective and precautionary measures. The handling of emergencies is also addressed. |
| Evaluation of performance (Chapter 9) | The purpose of performance evaluation is to measure the success or effectiveness of the defined safety management objectives and commitments. For example, it is necessary to analyse whether requirements have been met, risks minimised, or whether the structures and processes for safety and health at the workplace in general have been improved or if the measures are taking effect as desired. ISO 45001 allows for internal audits including the evaluation of management. |
| Improvement (Chapter 10) | At the end of the management cycle is the “Act,” which is also to be completed in the new standard for occupational safety. After the performance evaluation, the task of an organisation or a company is to initiate appropriate corrective or improvement measures. In order to achieve maximum optimisation, the cycle begins after something new (with planning). |
The first three chapters deal – as is usual for ISO standards – with the scope of application, the normative references (references to other sets of rules), and the terms and abbreviations relevant to the standard. In the appendix, companies are given instructions on how to use the occupational safety ISO.
A comparison of OHSAS 18001 and ISO 45001: the decisive changes
The high-level structure (HLS) mentioned above is undoubtedly the key innovation that sets ISO 45001 apart from OHSAS 18001 to make it easier and better for companies and organisations to plan and implement occupational health and safety measures. Another note: The context of the organization or company chapter is gaining importance thanks to the new ISO standard. Whereas in OHSAS 18001 everything revolved around the effects of health and safety aspects on one's own company, ISO 45001 requires a manager to look beyond their own nose. The consideration of external interest groups such as suppliers, authorities, and partners will therefore in future be part of the mandatory program.
Another advantage of the high-level structure as a structural authority of ISO for occupational health and safety at work is the simple integration into other HLS-based standard systems such as ISO 27001 (information security management) or the exemplary ISO 9001 (quality management) and ISO 14001 (environmental management).
Finally, OHSAS 18001 is much more cautious than ISO 45001 when it comes to the role of senior management. In accordance with the new standard, this company must not only develop an awareness of the importance of occupational health and safety protection at the workplace, but also assume considerably more responsibility in establishing and continuously improving the safety concept.
ISO 45001- certification: requirements, procedure, costs
Testing facilities such as DEKRA support companies and organisations in implementing ISO 45001 in their own operations. Following a successful implementation, the inspection bodies also issue an ISO 45001 certificate, which the companies or organisations can then use to embellish themselves.
Read up on the following before you go for ISO 45001 certification:
- Check whether the necessary technical and process knowledge for implementing ISO 45001 is available in your company or organisation.
- Appoint a committee of experts consisting of occupational health and safety officers and management representatives.
- Carry out gap analysis in order to determine the need for action.
- Determine all operational processes that involve external interest groups in occupational health and safety measures.
- Draft an implementation plan.
The ISO 45001 certification process is generally very similar for the various testing bodies: depending on the previous knowledge of the company or organisation, an optional information meeting (by telephone or in person) is held first, followed by certification on site. This is followed by an audit to review the measures, which is properly documented and leads to an assessment of the management system. If all requirements are fulfilled, the company receives the ISO 45001 certificate and the test seal of the respective testing laboratory. Both are valid for three years, with a surveillance audit every twelve months.
Please note the legal disclaimer relating to this article.
Related articles
Legal breaks at work – what employees are legally entitled to
Regulations on working hours are one of the most important arrangements between an employee and employer. But how much break time are employees entitled to? How does the law define breaks and are there any exceptions? Which breaks are paid for and which aren’t? Answers to all these questions can be found in this article.
What is corporate social responsibility (CSR)?
Companies have a responsibility towards their employees, the community, and the environment. The larger the company is, the more it penetrates into all areas of our lives and should therefore behave responsibly. The ethical focus of a company is known as its corporate social responsibility (CSR). It is not only an internal direction or corporate philosophy that dictates this – the company’s impact…
Gap analysis: the starting point for successful strategic planning
Often in projects, the actual execution of something will differ greatly from the original plan. Using gap analysis, you can see just how much they will differ from the outset. It is the first step on the road to adapting a strategy to fit real-life situations within a company. With this method, you can avoid financial downturns and business setbacks from the start.
ISO 50001 Energy Management
Reducing energy costs while protecting the environment: The international standard ISO 50001 can help you to use energy resources more efficiently in your company. An energy management system run according to ISO 50001 is designed to monitor and continuously improve energy efficiency. So, what is ISO 50001?
Standardised Risk Management: ISO 31000
Risk management in accordance with ISO 31000 can ensure a company’s survival: Every organisation frequently encounters danger factors – however, these don’t have to be a problem if you know how to deal with them. That is why many companies set up a risk management system, and the ISO 31000 standard provides a valuable tool for doing this. What does the international standard mean?