ISO 45001 Requirements: Complete Guide to Clauses and Documentation

Getting your workplace safety management system right isn't just about following rules. It's about protecting people, reducing incidents, and building a culture where everyone goes home safe. ISO 45001 provides the framework, but understanding what's actually required can feel overwhelming when you're starting out.

Whether you're in construction, manufacturing, or any industry where safety matters, ISO 45001 lays out specific requirements your organization must meet. This guide breaks down each clause, explains mandatory procedures, and clarifies exactly what documentation you need. No jargon, no confusion - just practical information to help you build a system that works.

The standard replaced OHSAS 18001 with a stronger focus on leadership involvement, worker participation, and risk-based thinking. Organizations across sectors like oil and gas, healthcare, and mining use these requirements to create safer workplaces while meeting regulatory expectations.

Understanding ISO 45001 Clauses

ISO 45001 follows the High-Level Structure used across ISO management system standards. This makes integration easier if you already have quality or environmental systems in place.

The standard contains 10 main clauses, but only clauses 4 through 10 contain actual requirements. The first three clauses cover scope, normative references, and terms and definitions.

Context of the Organization

Clause 4 requires you to understand your organization's internal and external factors that affect occupational health and safety. You need to identify interested parties - workers, contractors, regulators, communities - and their requirements.

This clause asks you to define the scope of your OH&S management system. What activities, products, and services does it cover? What sites and locations? Being clear here prevents gaps and confusion later.

Leadership and Worker Participation

Clause 5 places responsibility squarely on top management. Leaders must demonstrate commitment, establish an OH&S policy, and assign roles and responsibilities throughout the organization.

Worker consultation and participation isn't optional. Employees need genuine involvement in hazard identification, risk assessment, incident investigation, and improvement activities. This clause recognizes that people doing the work often have the best insights into safety risks.

Planning

Clause 6 covers how you identify hazards and assess risks. You must have processes to recognize dangers before they cause harm, evaluate the risks, and determine controls.

Risk-based thinking extends beyond immediate hazards. You need to consider opportunities to improve OH&S performance and plan how to achieve your objectives. This includes setting measurable targets and defining how you'll reach them.

Support

Clause 7 addresses the resources, competence, awareness, communication, and documented information needed for your system to function. Resources include people, infrastructure, technology, and financial means.

Training and competency requirements ensure workers understand OH&S risks and know how to work safely. Communication processes - both internal and external - keep everyone informed. The clause also defines what documents and records you must maintain.

ISO 45001 Requirements Checklist

A systematic checklist helps ensure nothing falls through the cracks during implementation. Here's what you need to verify:

Context and Scope: Have you documented internal and external issues? Identified interested parties and their needs? Defined system boundaries clearly?

Leadership Commitment: Does top management demonstrate active involvement? Is the OH&S policy appropriate and available? Are roles and responsibilities assigned?

Hazard and Risk Management: Do you have processes to continuously identify hazards? Are risk assessments documented? Have you determined necessary controls?

Objectives and Planning: Are OH&S objectives established, measurable, and monitored? Do you have action plans to achieve them?

Operational Controls: Have you implemented controls for identified risks? Are procedures in place for emergency preparedness?

Performance Monitoring: Do you measure and monitor OH&S performance? Are internal audits conducted regularly?

Improvement Processes: How do you handle incidents and nonconformities? Is there a process for corrective action?

Mandatory Documents Required by ISO 45001

Unlike older standards, ISO 45001 uses the term "documented information" instead of "documents" and "records." You control what needs documenting based on your organization's size, complexity, and risk profile.

Required Documented Information

The standard explicitly requires these documents:

Scope of the OH&S Management System: Clear boundaries of what your system covers, including any exclusions with justification.

OH&S Policy: A statement of your organization's commitment to occupational health and safety, signed by top management.

OH&S Objectives: What you plan to achieve, with measurable indicators.

Processes for Hazard Identification and Risk Assessment: How you systematically find and evaluate dangers.

Methodology and Criteria for Risk Assessment: The approach you use to determine risk levels and prioritize controls.

Records to Maintain

You must keep evidence demonstrating your system works:

Competency records showing workers are trained and qualified
Results of consultations with workers and their representatives
Monitoring and measurement results
Calibration records for monitoring equipment
Audit findings and results
Management review outcomes
Incident investigation reports
Evidence of corrective actions taken

Document control ensures these materials stay current, accessible, and protected from unauthorized changes.

Mandatory Procedures for ISO 45001

While the standard doesn't mandate specific "procedures" in the traditional sense, certain processes must be established, implemented, and maintained.

Operational Control Procedures

You need documented processes to eliminate hazards and reduce risks. This includes safe work procedures, permit-to-work systems, lockout/tagout protocols, and contractor management processes.

Emergency preparedness procedures outline how you'll respond to potential emergencies. These should be tested periodically to ensure effectiveness.

Communication Processes

Establish how you'll communicate internally about OH&S matters and respond to external communications. Workers need clear channels to report hazards, and management needs ways to share policy updates and performance information.

Incident Investigation Process

When things go wrong, you need a systematic way to investigate, determine root causes, and prevent recurrence. This process should involve affected workers and focus on system improvements, not blame.

Monitoring and Measurement

Define what you'll measure, how you'll measure it, and how often. This includes leading indicators (proactive measures like safety observations) and lagging indicators (reactive measures like injury rates).

Try Effivity for Free - Experience how digital transformation simplifies ISO 45001 compliance, reduces administrative burden, and creates a safer workplace for everyone.

Get started with us

Implementing ISO 45001 Requirements with Software

Manual systems using spreadsheets and paper forms struggle to keep pace with today's safety management needs. Occupational health and safety management system software centralizes all requirements in one platform.

Effivity helps organizations manage every aspect of ISO 45001 compliance. The platform handles hazard identification, risk assessments, incident tracking, audit management, and document control. Real-time dashboards show your safety performance at a glance.

Built-in workflows guide you through corrective actions, ensuring issues get resolved systematically. Automated reminders prevent training expirations and audit deadlines from slipping through. Mobile access means workers can report hazards or complete safety checklists from anywhere.

For organizations managing multiple standards, Effivity supports integrated management systems, combining ISO 45001 with quality, environmental, and information security requirements in a unified framework.

ISO 45001 Certification Process

Understanding requirements is one thing. Getting certified requires demonstrating you meet them consistently.

Gap Analysis: Compare your current practices against ISO 45001 requirements. Identify what's missing or needs improvement.

System Development: Build or update processes, procedures, and documentation to address gaps.

Implementation: Roll out your OH&S management system. Train employees, conduct risk assessments, start tracking performance.

Internal Audits: Verify your system works as intended before external auditors arrive. Internal audit planning and execution catches issues early.

Management Review: Leadership evaluates system performance and makes strategic decisions.

Certification Audit: An accredited certification body conducts stage 1 (documentation review) and stage 2 (implementation verification) audits.

Continual Improvement: Certification isn't the finish line. Ongoing monitoring, audits, and improvements maintain compliance and drive better safety outcomes.

Get a Free Personalized Demo - See how Effivity streamlines the entire certification journey, from gap analysis through surveillance audits.

Demo

Frequently Asked Questions

The 10 clauses are: Scope, Normative References, Terms and Definitions, Context of the Organization, Leadership and Worker Participation, Planning, Support, Operation, Performance Evaluation, and Improvement. Only clauses 4-10 contain auditable requirements.

Required documents include the OH&S management system scope, OH&S policy, objectives, risk assessment methodology, operational controls, emergency procedures, and various records proving system effectiveness like audit results, training records, and incident investigations.

ISO 45001 doesn't specify a fixed number of "procedures" but requires established processes for hazard identification, risk assessment, operational control, emergency preparedness, incident investigation, monitoring, auditing, and management review.

Clauses are the standard's structural sections. Requirements are the specific "shall" statements within clauses 4-10 that organizations must fulfill to achieve compliance and certification.

ISO 45001 emphasizes leadership involvement, worker participation, risk-based thinking, and organizational context more than OHSAS 18001. It uses ISO's High-Level Structure, making integration with other management systems easier.