What is ISO45001 Health and Safety


What is ISO45001, and what are the benefits?

 
 
 
 
 
 
 


How Does ISO 45001 Standard Work to Elevate Your Business?

Achieve ISO 45001 through a proven Plan-Do-Check-Act (PDCA) cycle. This process-based approach embeds occupational health & safety into your operations:

  • PLAN: Identify OH&S hazards & legal requirements and establish safety objectives.

  • DO: Implement and document operational controls, safe work procedures, and emergency preparedness.

  • CHECK: Monitor OH&S performance, investigate incidents, and analyse compliance.

  • ACT: Implement corrective actions, address root causes, and drive safety process improvements.

This framework establishes a continual improvement loop for your safety management system, systematically reducing workplace risks and fostering a proactive safety culture to protect your people and performance.

  • Identify OH&S legal and other requirements.

  • Establish safety objectives and targets.

  • Implement hazard controls and safe work procedures.

  • Document OH&S processes and emergency plans.

  • Monitor safety performance indicators and incidents.

  • Analyse compliance and investigate root causes.

  • Implement corrective actions for incidents.

  • Take preventive measures to mitigate risks.

  • Review safety performance and system effectiveness regularly.

  • Identify incidents, non-conformities, and opportunities.

  • Implement safety process improvements.


Core Environmental Management Principles:

  • Worker focus and fulfilling legal duties
  • Leadership commitment to safety culture and protecting workers
  • OH&S process approach and hazard/risk-based thinking
  • Evidence-based safety decision making
  • Consultation and participation of workers and interested parties
  • Continual improvement of OH&S performance

The Main ISO 45001 Clauses - Complete Breakdown:

OH&S Management System (OH&S MS) Scope

The scope defines the boundaries of your Occupational Health and Safety Management System (OH&S MS), specifying what is included and certified. It sets clear expectations for audits, regulators, workers, and other interested parties.

A concise scope should include:

  • Organisation: The specific part of the company covered.

  • Locations: The physical or operational sites included.

  • Activities: The core processes under the system (e.g., manufacturing, logistics, office operations).

  • Products/Services: The specific outputs of the organisation.

Be accurate and truthful. The scope must reflect actual organisational activities and their associated OH&S risks and opportunities. Exclusions to ISO 45001 requirements are not permitted for its core clauses; the scope defines where the system applies, not which requirements it follows. Avoid vague language—clarity is critical for auditability and credibility.

For more information, go to the www.compassrose.one blog at www.compassrose.one/common-iso-standards-compliance/iso45001 or email justask@compassrose.one


Context of the Organisation (Clause 4)

You must identify and analyse the internal and external factors that can affect your ability to achieve the intended outcomes of your OH&S MS. This includes considering regulatory trends, the business environment, the needs and views of workers, local community concerns, and your organisational culture. High risks to the company will be made into objectives to help lower the risk to the business. 


4.2 Understanding the needs and expectations of workers and other interested parties
Determine which parties (e.g., workers, regulators, contractors, visitors, the community, emergency services) are relevant to your OH&S MS. You must identify their needs and expectations, assess which of these become legal and other compliance obligations, and decide which you will address through your OH&S MS.


4.3 Determining the scope of the OH&S management system
Using the analysis from 4.1 and 4.2, you must establish the boundaries and applicability of your OH&S MS, which becomes the certified Scope. (See OH&S MS Scope above). The scope must be relevant to the company.

4.4 OH&S management system
You must establish, implement, maintain, and continually improve your OH&S MS in accordance with the requirements of ISO 45001. How you do this is entirely up to your company, but procedures, work instructions, and toolbox talks all help with the continual improvement.

Leadership and Worker Participation (Clause 5)

Effective leadership and worker participation are the critical drivers of a successful OH&S Management System.


5.1 Leadership and Commitment:

Top management must demonstrate leadership and commitment by taking ultimate accountability for preventing work-related injury and illness and for providing safe and healthy workplaces and activities. This includes establishing the OH&S policy and objectives, ensuring the integration of OH&S into business processes, and protecting workers from reprisals when reporting incidents.


5.2 OH&S Policy:

Top management must establish an OH&S policy that includes commitments for providing safe and healthy working conditions, fulfilling compliance obligations, and eliminating hazards and reducing OH&S risks. The policy must be communicated, available, and maintained as documented information.


5.3 Organisational Roles, Responsibilities, Authorities and Accountabilities:

Top management must assign and communicate responsibility and authority for key OH&S roles, including ensuring conformity and reporting on performance.


5.4 Consultation and Participation of Workers:

To fulfil this clause, the company must establish formal, two-way processes ensuring workers are actively involved in the OH&S management system, not just informed. This requires creating safe mechanisms for participation without fear of reprisal.

Workers must be consulted on key decisions before they are finalised. This includes identifying hazards, assessing risks, developing controls, investigating incidents, and setting OH&S objectives. The company must provide clear information, a reasonable time, and necessary resources for workers and their representatives to participate meaningfully.

Management must genuinely consider this input and provide feedback on how it was used. The goal is to leverage workers' direct operational knowledge as partners in safety, creating a collaborative culture that enhances hazard identification and control. The effectiveness of these consultation processes must be regularly evaluated and improved.


Planning (Clause 6)


6.1 Actions to address risks and opportunities

When planning for the OH&S management system, the organization shall consider the issues referred to in 4.1 (context), the requirements referred to in 4.2 (interested parties) and 4.3 (the scope of its OH&S management system) and determine the risks and opportunities that need to be addressed to:

a) give assurance that the OH&S management system can achieve its intended outcome(s);
b) prevent, or reduce, undesired effects;
c) achieve continual improvement.


6.1.2 Hazard Identification and Assessment of Risks and Opportunities:

You must establish a process to proactively identify hazards arising from your activities. You must assess the OH&S risks from these hazards, and also identify opportunities to enhance OH&S performance.

  • 6.1.2.1 Hazard Identification: The organisation must establish methods to proactively seek out and recognise hazards. This includes physical, chemical, biological, ergonomic, and psychosocial hazards arising from: routine and non-routine activities; all persons entering the workplace (e.g., contractors, visitors); human factors like behaviour and workload; and the design of work areas, processes, and equipment. Hazards from change, foreseeable emergencies, and previous incidents must also be considered.

  • 6.1.2.2 Assessment of OH&S Risks: For each identified hazard, the organisation must assess the level of risk. This involves analysing the likelihood and severity of potential injury or ill health, taking into account the effectiveness of any existing controls. The assessment methodology must be defined (e.g., risk matrix) and produce a prioritised understanding of which risks require the most urgent or robust action.

  • 6.1.2.3 Identification of OH&S Opportunities: In addition to assessing risks, the organisation must use the same systematic process to identify positive opportunities to improve OH&S performance. These can arise from the assessment itself, worker consultation, technological advancements, or best practice benchmarking. Opportunities may include improving working conditions, enhancing worker well-being initiatives, or optimising the work environment to proactively prevent issues.


6.1.3 Determination of Legal Requirements and Other Requirements:

This clause establishes the compliance foundation of the OH&S management system. The organisation must establish and maintain a formal process to proactively identify, assess, and understand all legal requirements (e.g., national laws, local regulations) and other requirements (e.g., industry standards, collective agreements, customer contracts) that relate to its OH&S hazards and risks. This process must be kept up-to-date. The organisation must also determine exactly how these specific requirements apply to its activities, products, and services. This knowledge is essential for ensuring legal conformity, managing compliance obligations, and informing risk assessment and operational planning.


6.1.4 Planning to Take Action:

This clause translates risk assessment and compliance findings into a concrete, actionable plan. Using the outputs from 6.1.2 (hazards, risks, opportunities) and 6.1.3 (requirements), the organisation must plan actions to:

  1. Eliminate hazards and reduce OH&S risks, applying the hierarchy of controls (e.g., engineering solutions before administrative controls).

  2. Fulfil all identified legal and other compliance obligations.

  3. Address identified opportunities for enhancing OH&S performance.

  4. Prepare for and respond to potential emergency situations.

These planned actions must be integrated into the organisation’s operational processes (Clause 8) and must include consideration of timelines, responsibilities, and resources required for effective implementation.

These actions must be integrated into your OH&S MS processes and operational controls (8.1, 8.2).


6.2 OH&S Objectives and Planning to Achieve Them:
Establish measurable OH&S objectives at relevant functions and levels. When planning how to achieve them, you must define:

  • What will be done?

  • What resources are required?

  • Who will be responsible?

  • When will it be completed?

  • How the results will be evaluated.


Support (Clause 7)


Clause 7 details the resources and framework required to establish, implement, and maintain the OH&S MS.


7.1 Resources:

Determine and provide the necessary resources for the establishment, implementation, maintenance, and continual improvement of the OH&S MS.

7.2 Competence:

Ensure that any person(s) under the organisation's control who perform tasks that can impact OH&S performance are competent based on education, training, or experience. Retain appropriate records.

7.3 Awareness:

Persons doing work under the organisation’s control must be aware of the OH&S policy, their contribution to OH&S effectiveness, the benefits of improved OH&S performance, and the implications of not conforming to procedures.

7.4 Communication:

Establish internal and external communication processes relevant to the OH&S MS, including what, when, with whom, and how to communicate. Ensure external communications are reliable.

7.5 Documented Information:

Maintain documented information required by the standard and determined by the organisation as necessary for OH&S MS effectiveness. Control its creation, updating, approval, distribution, storage, and retention. For more information on this, see our ISO 9001 page.


Operation (Clause 8)


8.1 Operational planning and control
Establish, implement, and control processes needed to meet OH&S MS requirements and to implement the actions identified in Clause 6. This includes implementing a hierarchy of controls, managing change, and controlling outsourcing, procurement, and contractors.

8.2 Emergency preparedness and response
Establish and maintain processes to prepare for and respond to potential emergency situations to prevent or mitigate adverse OH&S consequences. Test these procedures periodically and review them, especially after an incident occurs.


Performance evaluation (Clause 9)


9.1 Monitoring, Measurement, Analysis and Performance Evaluation:
Determine what needs to be monitored (e.g., performance against objectives, compliance status, worker health surveillance), the methods for measurement, and when analysis will occur. Evaluate OH&S performance and the effectiveness of the OH&S MS.


9.2 Internal Audit:
Conduct internal audits at planned intervals to provide information on whether the OH&S MS conforms to the organisation’s own requirements and ISO 45001, and is effectively implemented and maintained.


9.3 Management Review:
Top management must review the OH&S MS at planned intervals to ensure its continuing suitability, adequacy, effectiveness, and alignment with strategic direction. The review must consider:

  • Changes in context, compliance obligations, and risks/opportunities.

  • Status of objectives and corrective actions.

  • Results of audits, compliance evaluation, and worker consultation.

  • OH&S performance and incidents.

  • Opportunities for continual improvement.


Improvement (Clause 10)


10.1 General:
The organisation shall determine opportunities for improvement and implement necessary actions to achieve the intended outcomes of the OH&S MS.

10.2 Incident, Nonconformity and Corrective Action:
When an incident or nonconformity occurs, you must:

  • React and take timely action to control and correct it.

  • Evaluate the need for action to eliminate the root cause and prevent recurrence.

  • Implement any necessary corrective action.

  • Review the effectiveness of actions taken.

  • Retain documented information on incidents, nonconformities, and corrective actions.


10.3 Continual Improvement:
The organisation shall continually improve the suitability, adequacy, and effectiveness of the OH&S MS to enhance OH&S performance.

ISO 45001 Frequently Asked Questions.

What is ISO 45001?
A:

ISO 45001 is the international standard for Occupational Health and Safety Management Systems. It provides a framework for organisations to proactively improve their OH&S performance, prevent work-related injury and ill health, and provide a safe and healthy workplace.


What are the main benefits of ISO 45001 certification for a UK business?

A:

Legal Compliance: Systematically manages compliance with UK health and safety law (e.g., HSWA 1974, MHSWR, RIDDOR, etc.).

Reduced Accidents & Costs: Lowers the risk of workplace incidents, reducing costs from fines, insurance, and lost time.

Improved Reputation & Trust: Demonstrates to clients (especially in construction, manufacturing, and the public sector), insurers, and the public a commitment to safety.

Better Morale & Culture: Engages staff in safety, leading to higher morale and productivity.

Tender Requirement: Often a prerequisite for winning contracts, particularly with government and large corporations.


What are the key steps to implement ISO 45001?
A:

  1. Gap Analysis: Assess your current system against the standard.

  2. Define Context & Scope: Understand your organisation's needs and define the system's boundaries.

  3. Establish a Policy & Objectives: Set your safety ambitions.

  4. Plan: Identify hazards, assess risks/opportunities, and determine legal requirements (e.g., UK HSE regulations).

  5. Support & Operation: Provide resources, competence, awareness, communication, and control operational risks.

  6. Performance Evaluation: Monitor, measure, analyse, conduct internal audits, and management review.

  7. Improvement: Address incidents, non-conformities, and take corrective action.


How much does ISO 45001 certification cost in the UK?
A:

There's no fixed price. Costs depend on:

  • Consultancy Fees (if used): For gap analysis, training, and documentation support.

  • Certification Body Fees (e.g., UKAS, Independent, self-certify): Based on your organisation's size, complexity, and risk. A small business might pay £3,000-£5,000 for a 3-year certification cycle, while a large multinational will pay significantly more.

  • Internal Resources: Staff time to develop and maintain the system.


How long does it take to get certified?
A:

For a typical SME, 6-12 months from start to certification audit, assuming dedicated effort. Complexity and existing health and safety arrangements are key factors.


How does ISO 45001 relate to UK health and safety law?
A:

ISO 45001 is a framework that helps you systematically comply with the law. Clause 6.1.3 requires you to:

  • Identify all applicable legal requirements (e.g., Health and Safety at Work Act, Management of Health and Safety at Work Regulations, PUWER, LOLER, CDM, RIDDOR).

  • Maintain an up-to-date Legal Register.

  • Evaluate your compliance regularly.

  • UK Auditors will always check this. They want to see how you track changes from the HSE and how you ensure compliance.


What is "worker participation" and how do we demonstrate it? 
A:

It means involving workers in OH&S decisions. You must demonstrate consultation (two-way dialogue) and participation (involving workers in processes). Evidence includes:

  • Safety Committee minutes showing worker input and management responses.

  • Records of consultation on risk assessments, safe working procedures, and changes.

  • Mechanisms for reporting hazards/concerns (e.g., apps, forms) and records showing they were addressed.

  • Involvement of workers in incident investigations.


What are the most common non-conformities in a UK ISO 45001 audit?
A:

  1. Weak or no evidence of top management leadership (Clause 5.1).

  2. Insufficient demonstration of worker consultation and participation (Clause 5.4).

  3. Incomplete Legal Register or no process for evaluating legal compliance (Clause 6.1.3).

  4. Hazard identification and risk assessment are not proactive, systematic, or do not cover all activities (Clause 6.1.2).

  5. Objectives not monitored or measured effectively (Clause 6.2).

  6. Operational controls are not defined or implemented for significant risks (Clause 8.1).

  7. Internal audit programme not covering all processes or not addressing effectiveness (Clause 9.2).

  8. Management Review inputs/outputs are incomplete or lack evidence of decision-making (Clause 9.3).


Can you give an example of an ISO 45001 risk assessment?

A:

A simple example for office work:

  • Hazard: Slip/trip from loose cabling.

  • Who's at Risk: All staff and visitors.

  • Existing Controls: Cable tidies, desk grommets.

  • Risk Rating (Likelihood x Severity): Low/Medium.

  • Further Actions: Install additional cable trunking, and weekly visual checks by floor wardens.

  • This process must be documented.


How does ISO 45001 integrate with ISO 9001 and ISO 14001?
A:

They share the Annex SL High-Level Structure, making integration straightforward. Common elements include:

  • Context, Leadership, Planning, Support, Operation, Performance Evaluation, Improvement.

  • You can have a single Integrated Management System (IMS) with a combined policy, internal audits, and management review, saving time and resources.


Is ISO 45001 suitable for small businesses or offices?
A:

Absolutely. The standard is scalable. The focus is on controlling your specific risks. For a low-risk office, the system will be simpler (e.g., focus on DSE assessments, fire safety, mental well-being, and contractor management) than for a construction firm, but the principles are the same. The HSE also provides guidance tailored to small businesses.

By understanding these questions and their answers, you can build a robust ISO 45001 system that satisfies both the standard's requirements and the specific scrutiny of UK certification bodies.
