ISO 45001 Clauses Explained: Requirements and Meaning

Share with

Contents

ISO 45001 is the international standard for occupational health and safety management systems. It gives organizations a structured framework to reduce workplace risks, meet legal obligations, and protect workers. But for many safety professionals and compliance teams, the standard's clause structure can feel dense and hard to interpret.

This page breaks down each ISO 45001 clause in plain language - what it requires, why it matters, and how it fits into your health and safety management system.

The standard follows the High Level Structure (HLS), which is shared across ISO management system standards. This makes it easier to integrate with ISO 9001, ISO 14001, and others. Understanding ISO 45001 clauses explained clearly is the first step toward a compliant and functional OH&S system.

How ISO 45001 Is Structured

ISO 45001:2018 contains 10 clauses. Clauses 1 to 3 cover scope, references, and definitions. Clauses 4 to 10 are the requirements that organizations must implement. Here is a clause-by-clause walkthrough.

Clause 4 - Context of the Organization

This clause asks you to understand your organization before building your safety system.

Clause 4.1 - Understanding the Organization and Its Context

You must identify internal and external issues that could affect your OH&S objectives. Internal issues include workforce size, work processes, and existing safety culture. External issues include legal requirements, supply chain risks, and local regulations. This sets the foundation for everything that follows.

Clause 4.2 - Needs and Expectations of Workers and Other Interested Parties

Identify who has a stake in your safety system - workers, contractors, regulators, clients - and understand what they need from it. Worker participation is a core theme throughout ISO 45001, and it starts here.

Clause 4.3 - Scope of the OH&S Management System

Define the boundaries of your system. Which locations, functions, activities, and workers does it cover? The scope must be documented and reflect the context you identified.

Clause 4.4 - OH&S Management System

Establish, implement, maintain, and continually improve your system in line with the standard's requirements. This clause ties everything together.

Clause 5 - Leadership and Worker Participation

Leadership accountability is one of the most significant shifts ISO 45001 introduced compared to earlier standards.

Clause 5 - Leadership and Worker Participation

Clause 5.1 - Leadership and Commitment

Top management must take direct responsibility for the OH&S system - not delegate it entirely to a safety officer. This includes ensuring resources are available, communicating the importance of safety, and promoting a positive safety culture.

Clause 5.2 - OH&S Policy

Top management must establish a documented OH&S policy that commits to safe working conditions, legal compliance, worker consultation, and continual improvement. It must be communicated to all workers and available to stakeholders.

Clause 5.3 - Organizational Roles, Responsibilities, and Authorities

Assign clear safety responsibilities at every level. Everyone must know what they are accountable for - from senior management to frontline workers.

Clause 5.4 - Consultation and Participation of Workers

Workers must be actively involved in hazard identification, risk assessment, incident investigation, and the development of safety policies. This is not just a consultation tick-box - ISO 45001 requires genuine participation.

Clause 6 - Planning

Clause 6.1 - Actions to Address Risks and Opportunities

Before setting up objectives, organizations must identify hazards, assess risks, and determine opportunities for improvement. This includes risk assessment processes and reviewing legal and regulatory requirements. The hierarchy of controls - eliminate, substitute, engineer, administrator, PPE - must guide how risks are addressed.

Clause 6.2 - OH&S Objectives and Planning to Achieve Them

Set measurable safety objectives aligned with your policy. Define who is responsible, what resources are needed, how progress will be measured, and when objectives will be reviewed. Vague goals like "improve safety" are not sufficient - objectives must be specific and trackable.

Clause 7 - Support

Clause 7.1 - Resources

Provide the people, infrastructure, technology, and budget needed to run your OH&S system effectively.

Clause 7.2 - Competence

Workers must have the knowledge, skills, and experience to perform their roles safely. Identify competence gaps and address them through training or reassignment. Records of competence must be maintained.

Clause 7.3 - Awareness

All workers must understand the OH&S policy, the risks relevant to their roles, and what to do in an emergency. Awareness is not the same as training - it means workers genuinely understand why safety matters.

Clause 7.4 - Communication

Define what safety-related information needs to be communicated, to whom, when, and how. This includes both internal communication (between departments and management) and external communication (with contractors and regulators).

Clause 7.5 - Documented Information

Maintain the documents and records your OH&S system requires. ISO 45001 specifies which documents are mandatory - including the scope, policy, objectives, and hazard assessment records. Good documentation practices directly support audit readiness and compliance.

Clause 8 - Operation

Clause 8.1 - Operational Planning and Control

Establish controls for all activities and situations that present OH&S risks. This includes planning for change management, procurement processes, and outsourced functions. The hierarchy of controls must be applied consistently.

Clause 8.2 - Emergency Preparedness and Response

Identify potential emergencies, plan responses, and test those plans through drills and exercises. Workers must know what to do in a crisis. Plans must be reviewed after incidents or drills and updated when necessary.

Clause 9 - Performance Evaluation

Clause 9.1 - Monitoring, Measurement, Analysis, and Evaluation

Track whether your OH&S system is actually working. Monitor leading indicators (near misses reported, inspections completed) and lagging indicators (injury rates, lost time). Evaluate legal compliance at planned intervals.

Clause 9.2 - Internal Audit

Conduct internal audits at planned intervals to check whether the system conforms to the standard and is effectively implemented. Auditors must be objective and impartial. Findings must be reported to management.

Clause 9.3 - Management Review

Top management must review the OH&S system periodically - not just receive a report. The review must assess performance trends, audit results, incident data, and whether objectives are being met. Outputs must include decisions on improvements and resource needs.

Clause 10 - Improvement (H2)

Clause 10.1 - General

Identify opportunities to improve and take action. Continual improvement is a core principle of ISO 45001, not a one-time exercise.

Clause 10.2 - Incident, Nonconformity, and Corrective Action

When something goes wrong - an incident, near miss, or nonconformity - investigate it, find the root cause, and implement corrective action. Simply fixing the immediate problem is not enough. You must prevent it from happening again. A structured corrective action process is essential here.

Clause 10.3 - Continual Improvement

Actively work to enhance OH&S performance over time - not just maintain it. This includes improving the suitability, adequacy, and effectiveness of the system as a whole.

What Makes ISO 45001 Different from Earlier Standards

ISO 45001 replaced OHSAS 18001 in 2018. The most notable differences are the elevated role of top management, the explicit focus on worker participation, and the risk-based approach applied throughout the standard.

Where OHSAS 18001 allowed safety to be managed largely by a dedicated team, ISO 45001 integrates safety responsibility across the entire organization. It also aligns with other ISO standards through the High Level Structure, making it easier to run an integrated management system covering quality, environment, and safety together.

For organizations working toward ISO 45001 certification, understanding the clause structure is essential - not just for passing an audit, but for building a system that genuinely protects workers.

Managing all these clauses manually - across documentation, audits, incidents, training records, and legal registers - creates significant administrative burden. Effivity's occupational health and safety management software is built around the ISO 45001 structure, helping teams stay compliant without drowning in paperwork.

Get a Free Personalized Demo to see how Effivity maps to each clause of ISO 45001.

Free Demo →

Frequently Asked Questions

ISO 45001 has 10 clauses. Clauses 4 to 10 contain the requirements organizations must implement to achieve compliance.

Clause 5 on leadership and worker participation is considered foundational, as it sets accountability at the top and ensures workers are genuinely involved in safety decisions.

Clause 6.1 requires organizations to identify hazards, assess OH&S risks and opportunities, and determine how to address them using the hierarchy of controls.

ISO 45001 is not legally mandatory in most countries, but it helps organizations meet their legal compliance obligations by providing a structured framework for managing workplace safety.

Share with