ISO 45001, finalized in 2018, replaces a previous standard, OHSAS 18001, which was developed by auditors as a health and safety complement to quality and environmental standards (ISO 9001 and ISO 14001). ISO 45001 is a conformance standard, intended for use with third-party certification. It is gaining traction, particularly among companies that live in the conformance environment, such as those that are part of supply chains. Third-party certification provides a degree of assurance to customers who want to be sure they are doing business with reputable companies. 

What are the major differences between OHSAS 18001 and ISO 45001?

There are many differences, but the main change is that ISO 45001 concentrates on the interaction between an organization and its business environment while OHSAS 18001 was focused on managing OH&S hazards and other internal issues. But the standards also diverge in many other ways:

  • ISO 45001 is process-based – OHSAS 18001 is procedure-based
  • ISO 45001 is dynamic in all clauses – OHSAS 18001 is not
  • ISO 45001 considers both risk and opportunities – OHSAS 18001 deals exclusively with risk
  • ISO 45001 includes the views of interested parties – OHSAS 18001 does not

These points represent a significant shift in the way health and safety management is perceived. OH&S is no longer treated as a “stand alone,” but must be viewed within the perspective of running a sound and sustainable organization. That said, although the two standards differ in their approach, a management system established in accordance with OHSAS 18001 will be a solid platform for migrating to ISO 45001.


An ISO 45001 based OH&S management system will enable an organization to improve its OH&S performance by:

  • Developing and implementing an OH&S policy and OH&S objectives
  • Establishing systematic processes which consider its “context” and which take into account its risks and opportunities, and its legal and other requirements
  • Determining the hazards and OH&S risks associated with its activities; seeking to eliminate them, or putting in controls to minimize their potential effects
  • Establishing operational controls to manage its OH&S risks and its legal and other requirements
  • Increasing awareness of its OH&S risks
  • Evaluating its OH&S performance and seeking to improve it, through taking appropriate actions
  • Ensuring workers take an active role in OH&S matters

In combination, these measures will ensure that an organization’s reputation as a safe place to work will be promoted, and can have more direct benefits, such as:

  • Improving its ability to respond to regulatory compliance issues
  • Reducing the overall costs of incidents
  • Reducing downtime and the costs of disruption to operations
  • Reducing the cost of insurance premiums
  • Reducing absenteeism and employee turnover rates
  • Assuring customers who are concerned about their social responsibilities

Source: AIHA’s The Synergist https://synergist.aiha.org/201903-active-health-and-safety


Risk. A universal definition of the term “Risk” is clarified in ISO 45001, as the meaning of this varies in some countries. The issue of hazard identification is that it is currently very manufacturing- and hardware-orientated, when more and more of us are working in services. 

The term “Hazard Identification” is covered by the terms “risk identification” and “risk control” to ensure we encompass all potential hazards applicable to all industries and sectors.

The Worker. There are differences in the definition of this term and various legal constraints around this term in different countries – in the context of ISO 45001, “The Worker” is defined as the person performing work or work-related activities that are under the control of the organization.

Workplace. This is now defined as the place under the control of the organization where a person needs to be or to go for work purposes.


Certification Review & Decision includes; granting, refusing, maintaining, renewing, suspending, restoring or withdrawing certification or expanding or reducing the scope of the certification.

Once ISO 45001 is released Certification will last for three years and is subject to mandatory audits every year to ensure that you are compliant. At the end of the three years, you will be requested to complete a reassessment audit in order to become recertified to the standard.

Checklist questions:

Have you determined external and internal issues that are relevant to your purpose and your strategic direction and that affect your ability to achieve the intended outcomes of your Occupational Health and Safety Management System?

Have you implemented and have the system in place to maintain and continually improve your OH&S management system, including the processes needed and their interactions, in accordance with the requirements of ISO 45001?

Does top management ensure that the responsibilities and authorities for relevant roles within the OH&S management system are assigned, available as documented information, communicated and understood at all levels within the organization?

Has your organization established, implemented and maintained a process(es) for consultation and participation of workers at all applicable levels and functions, and where they exist, workers’ representatives, in the development, performance evaluation and actions for improvement of the OH&S system?

Has your organization established OH&S objectives at relevant functions, levels that are needed to maintain and continually improve the OH&S management system?

How does your organization establish, implement and maintain processes for evaluating compliance with legal and other requirements?

How do you determine and select opportunities for improvement and implement any necessary actions to achieve intended outcomes of your OH&S management system?

How does your organization continually improve the suitability, adequacy and effectiveness of the OH&S management system?

Source: Telarc