What Are the Main Steps Involved in Achieving ISO 45001 Certification?

ISO 45001 is the internationally recognised standard for Occupational Health and Safety Management Systems (OHSMS). It provides organisations with a structured framework for identifying, managing, and reducing health and safety risks in the workplace. Achieving ISO 45001 certification not only demonstrates your commitment to employee wellbeing and legal compliance but also helps reduce incidents, improve morale, and enhance your reputation with clients and stakeholders.

However, achieving certification involves more than just paperwork — it requires leadership, engagement, and a systematic approach to continual improvement. Below, we outline the main steps involved in achieving ISO 45001 certification, from planning to external audit.


1. Understanding ISO 45001 and Its Requirements

Before beginning the process, it’s essential to understand what ISO 45001 requires.
The standard focuses on establishing, implementing, maintaining, and continually improving an Occupational Health and Safety Management System (OHSMS).

Key areas include:

  • Context of the organisation – understanding internal and external factors that can affect your health and safety performance.
  • Leadership and worker participation – ensuring top management takes responsibility and employees are actively involved.
  • Planning – identifying hazards, assessing risks, and establishing objectives.
  • Support – ensuring competence, awareness, and communication.
  • Operation – managing change, outsourcing, procurement, and emergency preparedness.
  • Performance evaluation – monitoring, measuring, and auditing health and safety performance.
  • Improvement – addressing nonconformities and driving continual improvement.

A good first step is to obtain a copy of the ISO 45001:2018 standard and review its structure (which follows the Annex SL framework used by other ISO management system standards such as ISO 9001 and ISO 14001).


2. Conducting a Gap Analysis

A gap analysis is one of the most effective ways to start. It compares your existing health and safety processes against ISO 45001 requirements to identify what’s missing or needs improvement.

This step will help you:

  • Understand your current level of compliance.
  • Prioritise areas requiring attention.
  • Develop an implementation plan and timeline.

For example, you might already have risk assessments and incident reporting systems in place, but lack a formal procedure for consultation and participation of workers. Identifying such gaps early helps you focus resources effectively.


3. Gaining Leadership Commitment

ISO 45001 places strong emphasis on top management involvement. Senior leaders must actively support the system by:

  • Establishing a clear occupational health and safety policy.
  • Providing resources (time, personnel, and budget).
  • Promoting a positive safety culture.
  • Ensuring health and safety objectives align with the organisation’s strategic direction.

Without leadership commitment, implementation efforts can stall or fail to gain traction.


4. Defining the Scope of the OHS Management System

Next, determine the scope of your OHSMS — that is, which parts of the organisation, locations, and activities will be covered by ISO 45001.

For example, a company may choose to include all manufacturing operations but exclude office-only functions.
A clearly defined scope ensures that audits, objectives, and procedures remain focused and manageable.


5. Engaging Employees and Establishing Roles

Worker participation is a cornerstone of ISO 45001. Employees at all levels should be involved in hazard identification, risk assessments, and decision-making related to health and safety.

Practical steps include:

  • Forming a health and safety committee.
  • Conducting regular toolbox talks and safety briefings.
  • Training employees on roles, responsibilities, and reporting procedures.

When staff are engaged, compliance improves and hazards are reported sooner.


6. Identifying Hazards and Assessing Risks

This is a critical operational stage. You must identify potential hazards (physical, chemical, biological, ergonomic, psychosocial) and evaluate associated risks.

Steps typically include:

  • Identifying routine and non-routine activities.
  • Assessing who might be harmed and how.
  • Evaluating existing control measures.
  • Determining the level of risk and implementing further controls if needed.

Use the hierarchy of controls — elimination, substitution, engineering controls, administrative controls, and PPE — to manage risks effectively.


7. Establishing Policies, Procedures, and Objectives

Once risks are understood, you’ll need to develop or update documentation to align with ISO 45001 requirements.

This may include:

  • An Occupational Health and Safety Policy.
  • Procedures for risk assessment, incident investigation, and emergency response.
  • Objectives and measurable targets for improvement.
  • Records of training, inspections, and compliance monitoring.

Your objectives should be specific, measurable, achievable, relevant, and time-bound (SMART), such as “Reduce lost-time injuries by 10% within 12 months”.


8. Implementing and Communicating the OHSMS

With the framework and documents in place, you can move into implementation.
This involves:

  • Training staff and contractors on new procedures.
  • Rolling out communication channels for reporting incidents.
  • Ensuring new control measures are in place and effective.

Regular communication is vital — everyone in the organisation should understand the purpose of the OHSMS and their role in it.


9. Monitoring, Measurement, and Internal Audits

To maintain effectiveness, the OHSMS must be regularly monitored and reviewed.
This means:

  • Tracking performance indicators such as incident rates, audit findings, and corrective actions.
  • Conducting internal audits to verify compliance with ISO 45001 and your own policies.
  • Addressing nonconformities and identifying opportunities for improvement.

Internal audits are a key preparation step before your external certification audit.


10. Management Review

Senior management should periodically review the OHSMS to ensure its continuing suitability, adequacy, and effectiveness.
The management review meeting should cover:

  • Results of audits and incident investigations.
  • Achievement of health and safety objectives.
  • Feedback from workers.
  • Changes that could affect the system.
  • Recommendations for improvement.

This demonstrates top-level accountability and continual improvement — both crucial to ISO 45001.


11. The Certification Audit (Stage 1 and Stage 2)

Once your system is implemented and operating effectively for several months, you can apply for certification through a UKAS-accredited certification body.

The audit typically occurs in two stages:

Stage 1 – Documentation and Readiness Review

The auditor reviews your documentation, policies, and readiness for certification. They may highlight areas that need improvement before the next stage.

Stage 2 – Certification Audit

The auditor visits your site(s) to verify implementation, effectiveness, and compliance with ISO 45001. If you meet the requirements, your organisation will be awarded certification.

Certification is valid for three years, with annual surveillance audits to ensure continued compliance.


12. Continual Improvement and Maintaining Certification

Achieving certification is only the beginning. ISO 45001 requires ongoing commitment to continual improvement.
This includes:

  • Reviewing incident data and implementing corrective actions.
  • Keeping up to date with legislation and best practices.
  • Conducting regular audits and management reviews.
  • Promoting a culture of safety and wellbeing.

A proactive approach not only maintains compliance but drives long-term benefits such as reduced costs, improved employee retention, and enhanced reputation.


Final Thoughts

Achieving ISO 45001 certification demonstrates that your organisation takes occupational health and safety seriously — not as a legal obligation but as a core business value.
By following these steps methodically, engaging your workforce, and maintaining leadership support, you can build a safer, more resilient, and compliant organisation.

If you’re considering implementing ISO 45001, working with an experienced ISO consultancy can help simplify the process, ensure compliance, and save valuable time.


Ready to Get Started with ISO 45001?

At Candy Management Consultants, we help organisations of all sizes implement and achieve ISO 45001 certification efficiently and effectively. Our experts simplify the process, ensuring your management system is practical, compliant, and built to last.

