Home » Compliance Management Blog- ESG, EHS, EHSQ » ISO 45001- The Standard Replacing OHSAS 18001

ISO 45001- The Standard Replacing OHSAS 18001

Jonathan Brun

ISO 45001

With nearly 70 countries involved in its development, ISO 45001 will replace OHSAS 18001, the existing management system standard for Occupational Health & Safety (OH&S).

Still in its approval stage, the ISO 45001 should come to force by March 2018. The standard would be relevant to all organizations whether large or small with low or high risk operations.

To help you prepare for the transition and provide you with a preview of the standard, we have addressed the questions most commonly asked.

Also, to help you audit against the requirements of the new standard, here is the complete ISO 45001:2018 checklist. Use it on Nimonik Audit, available on iOS and Android, to efficiently conduct the audit and create an instant audit report.

Why replace the existing standard?

More than 2 million people die every year as a result of work-related activities according to an estimate by the International Labour Organization. Majority deaths are related to cancers.

This happens despite the implementation of OHSAS 18001, the current OH&S standard.

To address this gap in OHSAS 18001, ISO has been working on a new standard, the ISO 45001 to help organizations improve their OH&S risks.


How is ISO 45001 different from OHSAS 18001?

Although largely influenced by the OHSAS 18001, with similar requirements in a slightly different sequence and terminology, compared to the former’s reactive approach to hazard control, ISO 45001 would take a more proactive approach to risk control. Another key change would be the focus on the system’s performance indicators and improvement.

Some of the improvements incorporated in ISO 45001 are as follows:


1. Structure similar to other management system standards

ISO 45001 is based on Annex SL, which is the framework used in other ISO management system standards. This would make its (and other management system standards) implementation easier, efficient, and streamlined.


2. Top-down approach to safety

In ISO 45001, management’s ownership and commitment to the organization’s OH&S  is central to the standard’s effectiveness and integration.

Unlike 18001, that delegated responsibility to safety personnel, ISO 45001 would require the incorporation of health and safety in the overall management system of the organization, thus driving top management to have a stronger leadership role in the safety and health program.

With 45001, the safety culture of the organization will be supported by the engagement of management with workers and demonstrated by a top-down emphasis. Instead of providing oversight of the program, management would be true safety leaders. 

Protection of workers, as well as performance improvements, are roles of leadership under the new ISO 45001.


3. Ensures workers are aware of the risks and their responsibilities

ISO 45001 would require an organization to ensure their workers are competent to do their assigned tasks safely.

Workers will have broader participation in the new standard, with employees required to work with management to implement the safety management system (SMS).  ISO 45001 would make employee training and education to identify risks and help the company create a successful safety program, mandatory. Internal audits and risk assessment results would be required to be openly shared with workers, allowing for employee input.

Under ISO 45001, the responsibility of safety management belongs to everyone in the organization.


4. More focus on prevention than control

ISO 45001 would follow a preventive process, requiring hazard risks to be evaluated and remedied, as opposed to hazard control, under OHSAS 18001.

Organizations will be required to identify potential hazard risks before they cause accidents and injuries.

Audits, job safety analyses and monitoring of workplace conditions will be vital to ensure the proactive approach prescribed by ISO 45001.


5. New clause for documented information

ISO 45001 will replace the requirement in 18001 for references to documentation and records with a new clause.

The new clause would still incorporate the concepts of documentation and records, but there would be no mandated procedures. With the risk-based approach of ISO 45001, documented procedures are a risk control mechanism. It would be overly prescriptive for the standard to specify when documented procedures are needed. Your organization does not need to throw existing documented procedures away. It should just consider whether it really needs them and how best to apply them.


6. Ensure suppliers and contractors manage risks

Under the new standard, the organizations would be required to take into account how their suppliers and contractors manage their risks.


What remains unchanged from 18001?

The overall intent to focus on hazard, risk, and controls, the Plan-Do-Check-Act model, planning and policy, legal requirements, improvement objectives, action planning, monitoring, awareness, competency and resources needed to support the system remain similar to 18001.


What would be some of the key benefits of ISO 45001?

ISO 45001’s framework can take organizations to the next level in safety and health. A few of the benefits that organizations who implement the standard would attain are:

  • Easier integration with other ISO standards because of the Annex SL structure
  • Increased awareness of its OH&S risks
  • Continual improvement of its OH&S performance
  • Reputation for being one of the safest places to work
  • Improved ability to respond to regulatory compliance issues
  • Reduction in the overall costs of incidents
  • Reduction in downtime and the costs of disruption to operations
  • Reduction in the cost of insurance premiums
  • Reduced absenteeism and employee turnover rates
  • Recognition of achievement of an international benchmark which would in turn influence the many existing and potential customers who are concerned about their social responsibilities


What would the transition process be like?

Organizations that  are OHSAS 18001 certified should:

  • Monitor the changes in ISO 45001. The draft is available on the ISO website which can provide detailed information on expected changes
  • Speak with the client manager or assessor
  • Consider the integration opportunity with existing management systems
  • Make management aware of the upcoming changes and the need of a transition plan and resources


The organizations that do not yet have OHSAS 18001 certification but are planning to get their OH&S system certified, must go on to achieve OHSAS 18001 certification as it would be valid for another three years after the ISO 45001 comes to force. It is unsafe for employees to work in conditions that have not been proven safe by the certification so no organization needs to wait for the new standard.


ISO 45001 doesn’t require dozens of documents and hundreds of pages. Implementation can be simple with minimal documentation.


7 simple steps for ISO 45001 implementation

Certification sounds complicated to many because of the red tape involved, but it is absolutely not necessary to maintain a long list of documents, at least for OH&S certification!

Below is a simple 7-step approach to getting started with a safe, thorough, yet simple management system!

Step-1 The context of the organization
Identifying the external and internal influences (people/organizations) on your organization, ensuring you have requirements in your system to meet their expectations

Step-2 Leaders and workers together set the policy and assign roles and responsibilities
As each sees the issues with a different perspective, the OH&S program is way more effective if everyone irrespective of hierarchy is included in designing the policies

Step-3 Plan to identify the risks and then mitigate those risks
Identify the processes in your facility/organization
Identify risks in those activities as well as the accountable person for those processes
Mitigate the risks with controls
Determine the support and resources needed to implement the controls

Step-4 Operation To-Do list
Assigning responsibilities to plan the required resources, training and, and documentation of the controls in place.

Step-5 Performance Evaluation
This step is critical to ISO 45001. Start with an internal audit to evaluate compliance with risk mitigating controls and ensuring they are valid.

Step-6 Improve
ISO 45001 requires continual improvement by

Addressing incidents
Finding root causes
Updating with new information and requirements

Step-7 Repeat to ensure zero accidents



Whether your organization is a micro business or a global conglomerate, a non-profit organization, an academic institution, or a government department, ISO 45001 can provide you with a systematic approach to manage the health and safety of your people.

About Nimonik

Nimonik exists to help organizations comply with regulatory requirements – leading to less environmental damage, better worker safety and higher quality products. We can help you with:

  • a comprehensive list of EHS requirements that apply to your operations and alert you when those requirements change.
  • an easy to use web app so you can act on the changes, collaborate with teams, and maintain complete logs of your compliance efforts, retrievable at the click of a button.
  • a mobile auditing app that will save you hours in auditing, report writing, and corrective action follow-ups.
  • air-monitoring devices so you can easily monitor indoor or outdoor pollutants online and receive alerts when they exceed your set limits.

We take pride in the accuracy and comprehensiveness of our regulatory content, speedy updates, easy to use software, exceptional customer support, and state of the art IT security that none of our competitors can match. 

Contact us to discuss how we can help make your regulatory compliance more efficient.