DELEGATE

HANDBOOK
ISO 45001 : 2018
 ANNEX SL
• ISO 45001:2018, like most other ISO standards, has adopted the
Annex SL High Level Structure (HLS).

• Annex SL is designed to simplify integration with other

management systems like ISO 9001 and 14001 with consistent
language and matching sub-clauses, making it easier for you to
build and manage an integrated business management system.

• Understanding Annex SL isn't just crucial for ISO 45001 - it's the
core of any modern ISO standard you can expect to accredit to in
the future, so you should start your reading as soon as possible.
TRAINING COURSE
OVERVIEW

• PDCA approach
• Risk based thinking
• Understanding the standard’s requirements
• Skill enhancement for auditing
 OBJECTIVES OF THIS
RESOURCE MATERIAL

• Understand the basics of management systems

• Understand the requirements of ISO 45001 : 2018

• Understand the changes with respect to OHAS 18001 : 2007

• Enhancing the internal auditing skills

 BASIC
CONCEPTS
 OBJECTIVES OF
MANAGEMENT SYSTEMS

• Satisfaction of interested parties

• Risk based preventive approach

• Continual Improvement

Resource Material
• ISO 31000 : Risk Management- Principles and Guidelines
• ISO 31010 : Risk Management -Risk assessment techniques
 KEY CHANGES
• Introduction of High Level Structure ( HLS ) meaning revised
clause structure .

• Some of the terminologies are changes e.g “ Documents &

Records “ to “ Documented Information “ , “ Objectives , targets and
management programs “ to “ OH&S Objectives “and “ Planning to
achieve “ OH&S Objectives “

• Greater Emphasis on worker participation

• Concept of preventive action is replaced by Risk based thinking

METIGATION PERIOD -
ISO 45001 : 2018

2018 2019 2020 2021

Standard released on 12
March 2018

Transition period till Sep 2021

 INTENDED OUTCOME
OF OH&S MS

• Continual Improvement of OH & S performance

• Fulfilment of Legal Requirements and other requirements

• Achievement of OH & S objectives

 LETS UNDERSTAND
THIS THOROUGHLY
• Occupational Health & safety performance 3.28 - Performance
related to effectiveness of prevention of injury and ill health to
workers and provision of safe and healthy work place.

• Legal Requirements and Other Requirements 3.9 - legal

requirements that an organisation has to comply with or other
requirements that that an organisation has to or choose to comply
with.

Must Refer to Note : For this Must Refer to Note : Legal requirements
purpose of document Legal and other requirements include those
requirements and other that determine the person who is
requirements are those which are worker’s representative in accordance
relevant to OH & S management with laws, regulations , collective
System agreements and practice
 LETS UNDERSTAND
THIS THOROUGHLY
• Occupational Health & safety objective 3.17 -objectives set by
organisation to achieve specific results consistent with OH&S
policy

• Worker 3.3 -person performing work or work related activities that

are under the control of organisation

Must Refer to Note : The work or work

Must Refer to Note : workers include
related activities performed under the
top management , managerial and
control of organisation may be performed
non managerial persons.
by worker employed by organisation ,
workers of external providers , contractors
, individuals ,agency workers and by other
persons to the extent the organisation
shares control over their work or work
related activities according to the context
of the organisation
 AIM OF OH&S
MANAGEMENT SYSTEM
• To provide frame for managing OH&S risks and opportunities.

• To prevent work related injury & ill health to workers & to provide
safe & healthy workplace.

• To eliminate hazards and minimise OH&S risks effective preventive

and proactive measures .

• To improve OH&S performance

• Assist the organisation to fulfil its legal and other requirements.

 RISK BASED
THINKING
• Risk : Effect of uncertainty.

• Risk acceptance :Decision to accept the risk .

• Risk analysis : Systematic use of information to identify sources and

to estimate the risk

• Risk evaluation & Risk treatment

ISO 31000 : Risk Management -

Principles and guidelines
 PLAN-DO-CHECK-
ACT CYCLE
• Plan : determine and access OH&S risks ,OH&S opportunities
,establish OH&S objectives and processes necessary to deliver
results in accordance with organisation’s OH&S policy.

• Do : Implement the processes as planned

• Check : Monitor and measure the activities and report the results

• Act : take actions to continually improve OH&S performance to

achieve intended outcome .
PLAN-DO-CHECK-
ACT CYCLE
REQUIREMENTS
OF ISO
45001 : 2018
 CLAUSE
STRUCTURE
4 Context of the 5.0 Leadership 6.0 Planning 7.0 Support 10.0 Improvement
8.0 Operation 9.0 Performance
organisation & worker
participation evaluation

4.1Understanding 5.1 Leadership 6.1 Actions to address 7.1 Resources 8.1Operational 9.1 Monitoring, 10.1 General
the organisation &commitment risks and planning and control measurement,
and its context opportunities analysis and
performance
evaluation
5.3 OH&S policy 6.2 OH&S objectives 7.2 Competence
4.2 Understanding the 8.2 Emergency 10.2 Incident , non
needs & expectations and planning to preparedness and conformity and
of worker & other achieve OH&S response 9.2 Internal Audit corrective action
interested parties objectives

4.2 Understanding the 5.3 Organisational 7.3 Awareness

needs & expectations 10.3 Continual
roles,
of worker & other improvement
responsibilities and 9.3 Management
interested parties authorities review

4.3 Determining the 5.4 Consultation and 7.4 Communication

scope of OH&S MS participation of
workers

4.2 OH&S MS
7.5 Documented
information
 1.0 SCOPE
• ISO 45001 : 2018 provides requirements for OH&S management
system that organisation can use to enhance the OH&S
performance.

• Helps to achieve the intended outcome of OH&S.

• Does not address issues like product safety , property damage or

environmental impacts beyond the risks to workers and other
interested parties .
 2.0 NORMATIVE
REFERENCES
• There are no normative references in this document.
 TERMS AND
DEFINITIONS
• Hazard 3.19 : source with a potential to cause injury or ill-health.

• Injury and ill health 3.18 : adverse effect on physical , mental or

cognitive condition of person

• Occupational health and safety risk 3.21: combination of the

likelihood of a work related hazardous event ( s) or exposure (s)
and severity of injury and ill health that can be caused by event (s)
and exposure(s)
 TERMS AND
DEFINITIONS
• Occupational health & safety opportunity 3.22 : circumstances or
set of circumstances that can lead to improvement of OH&S
performance.

• Monitoring 3.30 :determining the status of a system , a process or

an activity.

• Measurement 3.31 : process to determine a value

Must refer to note : To

determine the status , there
may be a need to check ,
supervise or critically
observe.
 TERMS AND
DEFINITIONS
• When the word “ consider “ is used , it means the organisation
should think about it but it can be excluded whereas , the term “
take in to account “ means the organisation should think about it
but can not be excluded .

• The term “ensure “ means the responsibility can be delegated but

not the accountability to make sure that the action is performed.
4.0 CONTEXT OF
THE
ORGANISATION
 4.1 UNDERSTANDING
THE ORGANISATION AND
ITS CONTEXT
• Determine the external and internal issues that are relevant to
purpose and has ability to affect the intended outcome of OH&S
management system .

External issues include social Internal issues include

, political ,new technology , organisational structure , roles
new laws , new knowledge on and responsibilities , resources ,
product and their impact on knowledge and competence ,
health and safety , perception culture in the organisation,
of external interested parties working conditions , working
time
 4.2 UNDERSTANDING THE NEEDS
AND EXPECTATIONS OF WORKERS
AND INTERESTED PARTIES

• The organisation shall determine the interested parties in addition

to workers that are relevant to its OH&S management system.

• Some needs and expectations are mandatory as they are part of

legal requirements . The organisation may voluntarily agree to
adapt other needs and expectations , once the organisation adopts
them , they are to be addressed in OH&S planning

The interested parties can include legal &

regulatory authorities ,parent
organisations , supplier , contractors and
sub contractors , workers ‘ representative
, trade unions , customers , visitors ,
medical and other community services
 4.1 UNDERSTANDING THE
ORGANISATION AND ITS CONTEXT
4.2 UNDERSTANDING THE NEEDS AND
EXPECTATIONS OF WORKERS AND
INTERESTED PARTIES
Context of the organisation - The context of an organisation refers to the combination of internal
and external factors and conditions that can have an effect on an organisation’s approach to its
products and or services. As a result, the design and implementation of your organisation’s
occupational health and safety management system will be influenced by its context.
4.1 Understanding Have the OH&S related internal and external factors been identified that
the organisation and could affect, or be affected by your organisation?
its context
New Requirement Is this a recurring and repeatable process?

Is documented information available (see guidance below)?

Guidance: The standard does not require documented information.

However, evidence will need to be provided to your auditor to provide
assurance your organisation is reviewing and regularly updating the
external and internal issues that have been identified. If documented
information is not available, then a number of in-depth face-to-face
interviews will be required.
4.2 Understanding Has your organisation determined:
the needs and
expectations of 1. The relevant interested parties who can affect or be affected by the
workers and other OH&S management system?
interested parties 2. The relevant needs and expectations of workers and other interested
New Requirement parties
3. Which of the above needs and expectations are or could become legal
and other requirements?

Guidance 1: Relevant interested parties must include workers

Guidance 2: The comments on documented information in clause 4.1
above are applicable to clause 4.2 also.
 4.1 AUDIT
EVIDENCES
• Business plan
• Review of strategy plans
• Competitor analysis
• Economic reports from business sectors
• SWOT analysis
• Minutes of Meetings
• Action lists
• Diagrams, Spreadsheets, Mind mapping diagrams
• External consultant’s reports
 4.2 AUDIT
EVIDENCES
• Legal and regulatory authorities (local, regional, national or international)
• Parent organizations
• Suppliers, contractors and subcontractors
• Workers’ organizations (trade unions) and employers’ organizations
• Owners, shareholders, clients, visitors, relatives of workers, local
community and neighbours of the organization and the general public
• Customers, medical and other community services, media, academia
• Business associations and non-governmental organizations (NGOs)
• Occupational health and safety organizations and occupational safety and
health-care professionals (for example doctors and nurses).
4.3 DETERMINING THE
SCOPE OF THE OH&S
MANAGEMENT SYSTEM
• The organisation shall determine the boundaries and applicability
of OH&S . The scope shall be available as D.I

• The organisation should not exclude the activities , products and

services that have or can have impact on organisation ’s OH&S
performance or to evade its legal requirements and other
requirements .

The scope shall be available as documented information

 4.3 DETERMINING THE
SCOPE OF THE OH&S
MANAGEMENT SYSTEM
Context of the organisation - The context of an organisation refers to the combination of internal
and external factors and conditions that can have an effect on an organisation’s approach to its
products and or services. As a result, the design and implementation of your organisation’s
occupational health and safety management system will be influenced by its context.

4.3 Determining the Is the scope of the OH&S management system defined and documented?
scope of the OH&S
management system When defining the scope have you:

A. Considered the internal and external issues?

B. Taken into consideration legal and other requirements?
C. Taken into account planned or performed work related activities

Both standards require definition of OH&S management system scope;

only ISO45001 elaborates requirements for the scope in more detail.
Documenting the scope of the OH&S management system is required by
both standards.
Guidance 1: The scope should not be used to exclude activities, products
or services that have or can impact your organisations OH&S performance
or to evade legal and other requirements. The scope is a factual and
representative statement of your organisation’s operations included within
the OHSMS boundaries that should not mislead interested parties.

Guidance 2: Your auditor will gather evidence that the scope has been
correctly defined and considers context and applicable legal and other
requirements and your organisations activities, products and services.
Auditors will also evaluate the accuracy of the scope to ensure that it does
not mislead interested parties.
 4.3 AUDIT
EVIDENCES
• Outsourcing
• Logistics
• Multiple sites
• Service centres
• Servicing at customer premises
• Collaborative products and services
 4.4 OH&S
MANAGEMENT SYSTEM

• The organisations shall establish , maintain and continually OH&A

management system.

• The organisation shall integrate OH&S requirements into various

business processes e.g design ,procurement , manufacturing ,
human resources etc.
 4.4 OH&S
MANAGEMENT SYSTEM

Context of the organisation - The context of an organisation refers to the combination of internal
and external factors and conditions that can have an effect on an organisation’s approach to its
products and or services. As a result, the design and implementation of your organisation’s
occupational health and safety management system will be influenced by its context.

4.4 OH&S The organisation shall establish, implement, maintain and

management system continually improve an OH&S management system, including the
and its processes processes needed and their interactions, in accordance with the
requirements of this document.
 4.4 AUDIT
EVIDENCES
• Manuals, Process diagrams (input – process – output)
• Diagrams showing process linkages (inputs / outputs / customer)
• Overlays showing the locations of activities
• Identification of outsourced processes
• resource diagrams (e.g. capacity analysis, value stream mapping,
“Lean”…. )
• Programmes
5.0 LEADERSHIP
AND WORKER
PARTICIPATION
 5.1 LEADERSHIP
AND COMMITMENT
• Top management is
responsible and accountable
for prevention of work related ill
health & injury.

• Providing safe and healthy

work place and activities.

• Ensure that OH&S policies and

objectives are established.
 5.1 LEADERSHIP
AND COMMITMENT
• Ensure that required resources
and available.

• Ensure that OH&S MS

achieves its intended outcome.

• Ensuring and promoting

continual improvement
 5.1 LEADERSHIP
AND COMMITMENT
• Developing , leading and
promoting a culture that
supports the intended outcome
of OH&S MS.

• Protecting worker from

reprisals when reporting
incidents ,hazards , risks &
opportunities.

• Ensure worker participation .

 5.1 LEADERSHIP
AND COMMITMENT
Leadership and worker participation - There is an emphasis on leadership rather than just
management. Top management are required to demonstrate greater direct involvement in your
organisation’s OHSMS. The removal of the need for a specific management representative is to
ensure that ‘ownership’ of your organisation’s OHSMS is not simply focused on one individual but
on that person or group of people who directs and controls your organisation at the highest level.
This is a key clause and is fundamental to the whole standard. If it is not followed in its basic and
profound meaning, the whole management system may still achieve some good results, but fail to
reach its full potential.
5.1 Leadership and Is top management engaged and leading the OHSMS to all persons in the
commitment organisation, including:

 Accepting accountability for the effectiveness of the OHSMS

 Ensuring that the OH&S policy and objectives are consistent with the
organisations overall strategic direction and context
 Ensuring that OHSMS objectives are achieved and that the policy is
communicated, understood and applied across the
Organisation
 Ensuring that the OHSMS requirements are integral to the
organisations business processes and that resources are available for
Its effective operation

Guidance 1: Top management refers to a person or a group of people

who directs and controls the organisation at the highest level
Guidance 2: Top management must not only be aware of the new
requirements but must be able to demonstrate
leadership and commitment in tangible ways. They will be audited as a
matter of routine. Evidence of leadership and commitment will be
revealed as the auditor interviews not only top management but all
members of the organisation.
 5.4 AUDIT
EVIDENCES
Visible and tangible evidence of Leadership such as:

• Knowledge of Process, events, incidents and accidents

• Investment in resources, equipment, manpower
• Completion of site audits and inspections
 5.2 OH&S POLICY
• Top management shall establish , implement and maintain OH&S
policy.

Policy should include commitment

-to provide safe and healthy working conditions for prevention of work related
injury and ill health.
-to fulfil legal requirements and other requirements
-to eliminate hazards and reduce OH&S risks
-to continual improvement of OH&S management system.
-to consultation and participation of workers and where applicable worker’s
representative

OH&S policy shall be

-communicated with in the organisation
-available to interested parties

The OH&S shall be available as documented information

 5.2 OH&S POLICY
Leadership and worker participation - There is an emphasis on leadership rather than just
management. Top management are required to demonstrate greater direct involvement in your
organisation’s OHSMS. The removal of the need for a specific management representative is
to ensure that ‘ownership’ of your organisation’s OHSMS is not simply focused on one
individual but on that person or group of people who directs and controls your organisation at
the highest level. This is a key clause and is fundamental to the whole standard. If it is not
followed in its basic and profound meaning, the whole management system may still achieve
some good results, but fail to reach its full potential.

5.2 OH&S Policy Have top management established an OH&S policy that is consistent
with the purpose and context of the organisation? Does the established
policy include a commitment to:
Provide safe and healthy working conditions?
A. Fulfil legal and other requirements
B. Eliminate hazards and reduce OH&S risks
C. Consultation and participation of workers (and if applicable workers
representatives)

Is the OH&S policy:

Available as documented information?
 Communicated within the organisation?
 Available to interested parties as appropriate?

Guidance: Top management must be able to demonstrate that they

have established the policy and that they have not just signed a policy
written by somebody else. The external auditor will discuss the policy in
detail with top management to ensure they can demonstrate from their
own understanding that the policy is compatible with the strategic
direction and context of the organisation. They will be looking for
evidence that the policy has been communicated and understood
throughout the organisation.
 ORGANISATIONAL ROLES
, RESPONSIBILITIES AND
AUTHORITIES
• Top management shall ensure that the responsibilities and
authorities for relevant roles with in OH&S management system are
assigned and communicated at all levels within the organisation.
 ORGANISATIONAL ROLES
, RESPONSIBILITIES AND
AUTHORITIES
Leadership and worker participation - There is an emphasis on leadership rather than just
management. Top management are required to demonstrate greater direct involvement in your
organisation’s OHSMS. The removal of the need for a specific management representative is to
ensure that ‘ownership’ of your organisation’s OHSMS is not simply focused on one individual but
on that person or group of people who directs and controls your organisation at the highest level.
This is a key clause and is fundamental to the whole standard. If it is not followed in its basic and
profound meaning, the whole management system may still achieve some good results, but fail to
reach its full potential.
5.3 organisational Has a process been developed and implemented for consultation and
roles, responsibilities participation of workers at all applicable levels and functions and where
and authorities they exist workers representatives, in the development, planning,
implementation, performance evaluation and actions for improvement of
the OHSMS?

Guidance: Worker includes all persons working under the control of the
organisation including visitors, contractor’s
personnel and personnel carrying out an outsourced process.
 5.3 AUDIT
EVIDENCES
• Organisational Charts
• Roles and Responsibilities for Emergency
Positions and ensure that personnel are aware of
such duties
• Should include contractors
 5.4 CONSULTATION
AND PARTICIPATION
OF WORKERS
• The organisation shall establish processes for consultation and
participation of workers and where they exist worker’s
representative

Consultation involves dialogue and exchange .

Consultation involves timely provision of information necessary for worker
and where they exist worker’s representative to give feedback to be
considered by the organisation before making decision

Participation enables workers to contribute to decision making processes on

OH&S performance and proposed changes .
The organisation should ensure workers are encouraged to report hazardous
situations so that preventive measures can put in place.
 5.4 CONSULTATION AND
PARTICIPATION OF
WORKERS

Leadership and worker participation - There is an emphasis on leadership rather than just
management. Top management are required to demonstrate greater direct involvement in your
organisation’s OHSMS. The removal of the need for a specific management representative is to
ensure that ‘ownership’ of your organisation’s OHSMS is not simply focused on one individual but
on that person or group of people who directs and controls your organisation at the highest level.
This is a key clause and is fundamental to the whole standard. If it is not followed in its basic and
profound meaning, the whole management system may still achieve some good results, but fail to
reach its full potential.
5.4 Consultation and Has a process been developed and implemented for consultation and
Participation of workers participation of workers at all applicable levels and functions and where
they exist workers representatives, in the development, planning,
implementation, performance evaluation and actions for improvement of
the OHSMS?

Guidance: Worker includes all persons working under the control of the
organisation including visitors, contractor’s
personnel and personnel carrying out an outsourced process.
 5.4 AUDIT
EVIDENCE
• Minutes of safety committee meetings
• Observation & intervention process
• Employee and contractors feedback & surveys
• Interviews with employees & contractors
6.0 PLANNING
 6.1 ACTIONS TO
ADDRESS RISKS AND
OPPORTUNITIES
• When planning for OHAS management system
Consider
• External and internal issues
• Requirements of interested parties
• Scope of OH&S management system

When determining the risks & opportunities for OH&S management system ,
the organisation shall consider
• Hazards
• OH&S risks and other risks
• OH&S opportunities and other opportunities.
• Legal requirements and other requirements
 6.1 ACTIONS TO
ADDRESS RISKS AND
OPPORTUNITIES
• The organisation shall maintain documented information on

• Risks and Opportunities

• The processes and actions needed to determine and address its risks and
opportunities to the extent necessary to have confidence that they are carried
out as planned.
 6.1 ACTIONS TO
ADDRESS RISKS AND
OPPORTUNITIES

Planning - Although planning has always been an integral part in establishing and maintaining an
OHSMS, ISO 45001:2018 now places a greater emphasis on the planning that your organisation
does to proactively identify any circumstances which could lead to any undesired occurrences that
could prevent the achievement of continual improvement. Your organisation is now required to
consider both its context and interested parties when planning and implementing its OHSMS.
6.1 Actions to address Considering the organisations context (clause 4.1) and requirements of
risks and opportunities relevant interested parties (clause 4.2) have the risks and opportunities
been considered and have actions been defined to take advantage of the
opportunities and mitigate the risks?
Does this include consideration of hazards, risk, opportunities and legal
and other requirements that may be applicable? Is documented
information available on risks and opportunities and the processes and
actions needed to determine and address the risks and opportunities?
Have hazards (sources of potential to cause injury or ill health)
associated with operational processes throughout the organisation been
identified?
 6.1 ACTIONS TO
ADDRESS RISKS AND
OPPORTUNITIES

Planning - Although planning has always been an integral part in establishing and maintaining an
OHSMS, ISO 45001:2018 now places a greater emphasis on the planning that your organisation
does to proactively identify any circumstances which could lead to any undesired occurrences that
could prevent the achievement of continual improvement. Your organisation is now required to
consider both its context and interested parties when planning and implementing its OHSMS.
6.1 Actions to Guidance: When identifying hazards organisations should take account
address risks and the definition of “workplace”. Workplace is not limited to the site where
opportunities organisations perform their activities. Workplace also covers any place
Continued under the full or partial control of the organisation, where workers need
to be present or go to for work purposes.
Have risk assessments been completed and the methodology used for
risk assessment and the criteria applied been documented? Has
documented information been retained on the results of your
determination and assessment of risks and opportunities?
Is there a process in place to determine and have access to legal and
other requirements applicable to the OHSMS and how the requirements
apply within the OHSMS?
Is documented information maintained and retained on this process and
on the organisations legal and other requirements? Has the organisation
determined how to address risks and opportunities including the actions
required (including how to address legal and other requirements and to
prepare for and respond to emergency situations)?

Note: when planning to take action you need to apply whenever possible,
the ‘hierarchy of controls’.
 6.1 AUDIT
EVIDENCE
• Risk assessments – suitable & sufficient
• Methodology
• Review periods
• Competence of assessor
• All activities
• All work locations
• Physical, physiological, illness and COSHH
 6.1.2 HAZARD
IDENTIFICATION AND
ASSESSMENT OF RISKS
AND OPPORTUNITIES
• Hazard identification is pro active & on going process to be
started at conceptional design stage of any new work place , facility
or product & continued during operations .

• The hazard identification process helps the organisation to

recognise and understand the hazards in the work place and to the
workers in order to assess , prioritise and eliminate hazards or to
reduce OH&S risks .
 6.1.2 HAZARD
IDENTIFICATION AND
ASSESSMENT OF RISKS
AND OPPORTUNITIES
• While identifying the hazards , the hazards to worker occurring
during manufacture , construction , assembly or testing of products
should be considered.

• The hazard can be physical , chemical , biological , mechanical ,

electrical .

The organisational hazard identification process should consider .

• Routine and non routine activities and situations
• The activity , the worker and the organisation.
• New or changed hazards

• Potential emergency situations which require immediate response e.g

machine catching fire or natural disaster in the vicinity of wok place
 6.1.1.2 ASSESSMENT OF
OH&S RISKS AND THE
RISKS TO OH&S
MANAGEMENT SYSTEM
• While accessing the OH&S risks associated with identified hazards
, the organisation shall take in to account the effectiveness of
existing control.

• The organisation shall maintain & retain the documentation

information on methodology & criterial used for deterring OH&S
risks and other risks .

• The organisation can use qualitative or quantitive methods to

assess OH&S risks .
 6.1.2.2. ASSESSMENT OF
OH&S OPPORTUNITIES AND
OTHER OPPORTUNITIES FOR
OH&S MS

• The organisation should establish , implement and maintain

process to assess the OH&S opportunities to enhance OH&S
performance & other opportunities for improving OH&S
performance.
 6.1.3 DETERMINATION OF
LEGAL REQUIREMENTS
AND OTHER
REQUIREMENTS
• The organisation should determine and access to up-to -date legal
requirements and other requirements that are applicable to its
hazards , OH&S risks and OH&S management system.

• Determination of communications with respects to these

requirements .

• Consider these requirements while establishing , implementing &

continually improving the OH&S performance.

Maintain and retain the documented information on Legal register

its legal requirements and shall ensure it is updated , isn’t it ?
to reflect any changes
 6.1.3 DETERMINATION OF
LEGAL REQUIREMENTS
AND OTHER
REQUIREMENTS
• Legal requirements and other requirements can include .

Legal Requirements :
• Legislation ( regional , national or international )
• Decrees and directives
• Orders issued by regulators
• Permits , license or other forms of authorisation
• Judgements of courts or administrative tribunals
• Treaties , protocols

Other requirements :
• The organisational requirement
• Contractual conditions
• Employment agreements
• Agreements with interested parties
• Agreements with health authorities
 6.1.4 PLANNING
ACTION
• The organisation shall plan actions to actions to address to

• The organisation should take into account the hierarchy of controls

and consider best practices , technological options and business
requirements , when planning to take actions.

• Address risks and opportunities.

• Address legal requirements & other requirements
• Prepare and response to emergency situations
6.2 OBJECTIVES AND PLANNING
TO ACHIEVE THEM

• 6.2.1 OH&S OBJECTIVES .

• The organisation should establish objectives at relevant functions

and levels in order maintain and continually improve the OH&S
performance .

OH&S objectives shall be OH&S objectives shall take into account

• Consistent with OH&S policy • Applicable legal requirement and other
• Measurable requirement
• Monitored • Results of assessment of risks and
• Communicated opportunities
• Updated as appropriate • Results of consultation with workers /
worker representative if they exist
6.2.2 PLANNING TO ACHIEVE
OH&S OBJECTIVES
• When planning how to achieve its OH&S objectives , the
organisation should determine ,

• Where practical , each objective should be linked to an indicator

• What is to be done ?
• What resources required ? Typically
financial , human , infrastructure , Management
equipment etc programmes , isn’t it ?
• Who is responsible ?
• When it will be completed ?
• How results will be evaluated
including the indicators for
monitoring

The organisation shall maintain and retain documented information on OH&S

objectives and actions to achieve them
 6.2 OBJECTIVES AND
PLANNING TO ACHIEVE
THEM
Planning - Although planning has always been an integral part in establishing and maintaining an
OHSMS, ISO 45001:2018 now places a greater emphasis on the planning that your organisation
does to proactively identify any circumstances which could lead to any undesired occurrences that
could prevent the achievement of continual improvement. Your organisation is now required to
consider both its context and interested parties when planning and implementing its OHSMS.

6.2 OH&S objectives Have (SMART) objectives been established at relevant functions and
and planning to levels within the organisation in order to maintain and continually improve
achieve them the OHSMS and OH&S performance?

Are the objectives consistent with the policy, OH&S risks and
opportunities, business context and adequately resourced, monitored,
communicated and updated as appropriate?

Are plans to achieve objectives determined in terms of what is required,

who is responsible, agreed timings, and the required measures to
establish progress.

Is documented information maintained and retained on OH&S objectives

and plans to achieve them?
 6.2 AUDIT
EVIDENCE
Verify that the organisation’s overall objectives:

•Have been defined

•Reflect the relevant policy
•Are substantially coherent
•Compliance obligations and consider risks/opportunities
•OHSMS, take into account assessment of risk and results of consultation
with workers
•Are aligned and compatible with the organisation’s context and strategic
direction
•Documented information has been maintained.
7.0 SUPPORT
7.1 RESOURCES
• The organisation should determine and provide resources required
for OH&S management system.

• Resources can include human , infrastructure ,technology , finance

etc .

• Examples of infrastructure can include building , plant , equipment ,

utilities , information technology , communication systems and
emergency containment systems .
 7.2 COMPETENCE
• Competence is combination of
education , experience and skill
sets.

• The competence of worker

should include the knowledge
and skill sets needed to
appropriately identify hazards
and deal with OH&S risks
associated with their work and
workplace.
 7.2 COMPETENCE
• Worker should have
competence to remove
themselves from situations of
imminent and serious danger .
This is can done by providing
trainings on hazard and risks
associated with their work

• Retain appropriate documented information as evidence competence.

 7.0 SUPPORT
Support - The new ISO 45001: 2018 standard provides a lot more specific requirements to place
greater emphasis on the provision of resources necessary to establish and maintain an effective
OH&S MS.

1.Resources Have competence requirements of workers that affects

or can affect the OH&S performance been determined?
2. Competence Are workers competent on the basis of appropriate
education, training or experience?

Note that the standard singles out the identification of hazards

as a particular competence requirement.

Have actions been taken to acquire the necessary

competence where any gaps have been identified? Are
actions taken evaluated for effectiveness in raising
competence to the required level?

Is documented information retained as evidence of

competence?

Guidance: The term “workers” means all persons performing

work under the organisations control under various
arrangements: paid or unpaid, full-time or part-time,
temporarily, intermittently or seasonally, managerial and non-
managerial. Workers can be employed by the organisation, by
external providers, contractors, agency workers or any other
person to the extent the organisation shares control over their
work.
 7.1 & 7.2 AUDIT
EVIDENCE
To satisfy the competence/effectiveness requirements of relevant
standards, an organization will typically need to do several things:-

• Determine what competencies are required by persons performing work

• Determine which persons already performing the work have the required
• Competencies
• Decide if additional competencies are required
• Decide how these additional competencies are to be obtained – training of
persons (external or internal),
theoretical or practical training, hiring of new competent persons, assignment
of existing competent personnel to different work
• Review the effectiveness of actions taken to satisfy competence needs and
• Train, hire or reassign persons
• To ensure that the necessary competence has been achieved
• Periodically review competence of persons
7.3 AWARENESS
• Workers should be made aware of
• The OH&S policy & objectives
• The OH&S risks to which they are exposed.
• Their contribution to the effectiveness of OH&S management system
including benefits of improved OH&S performance
 7.3 AWARENESS
Support - The new ISO 45001: 2018 standard provides a lot more specific requirements to place
greater emphasis on the provision of resources necessary to establish and maintain an effective
OH&S MS.
7.3 Awareness Are workers aware of OH&S policy requirements and objectives and how
they are contributing to the effectiveness of the OHSMS and the
implications of not conforming to OH&S requirements?

Are workers made aware of the incidents, related investigations, hazards

and OH&S risks relevant to them?

Are workers able to remove themselves from work situations that they
consider present an imminent and serious danger to their life and health
without fear of reprisal?
7.4 COMMUNICATION
• 7.4.1 The organisation shall establish processes for internal and
external communications relevant to OH&S management system.

• The organisation shall response to relevant communication on its

OH&S management system.

• 7.4.1 Internal communication 7.4.2 External communication

The organisation shall determine . When establishing communication

• What is to be communicated ? process , the organisation should
• When to communicate ? consider
• With whom to communicate -may be • Legal requirements and other
internally , among the contractors , requirements
visitors to work place , interested parties • Reliability of information to be
• How to communicate ? communicated

The organisation shall retain the documented information as evidence of its

communication as appropriate
7.4 COMMUNICATION
Support - The new ISO 45001: 2018 standard provides a lot more specific requirements to place
greater emphasis on the provision of resources necessary to establish and maintain an effective
OH&S MS.
7.4 Communication Has a process been established and implemented regarding internal and
external communications relevant to the OHSMS? Does the process
include what is to be communicated, the timing of such communications,
the target audience and the
method of delivery?
Does the process ensure that the communication is reliable and
consistent with the information generated by the OHSMS and that the
organisation responds to relevant communications on its OHSMS?
When considering communication needs has the organisation taken into
account the legal and other requirements and diversity considerations
(e.g. gender, culture, literacy, disability) which may affect
communications?
Is documented information retained as evidence of communications?
 7.4 AUDIT EVIDENCE
Some or all of the following means of communicating information within the
organization should be examined by an auditor:

• Management led communication in work areas

• Team briefings and other meetings, such as those for recognition of
achievement
• Notice boards
• E-mail, intranet and web sites
• Company or in house magazine/newsletter
• Staff meetings
• Individual notices or letters
• Stakeholder / Interested Party communications
 7.5 DOCUMENTED
INFORMATION
• 7.5.1 The organisation OH&S management system should include
documented information required by the standard and documented
information determined by the organisation as being necessary for
effectiveness of OH&S management system.

• 7.5.2 Creating and Updating

• 7.5.3 Control of documented information

Control of documented information should consider

• Distribution , access , retrieval and use
• Storage and preservation
• Control of changes
• Retention and disposition

Control of external original documents

 7.5 DOCUMENTED
INFORMATION
Support - The new ISO 45001: 2018 standard provides a lot more specific requirements to place
greater emphasis on the provision of resources necessary to establish and maintain an effective
OH&S MS.
7.5 Documented Has the organisation maintained and/or retained the following
information documented information in order to be compliant with ISO 45001:
• Scope of the OHSMS (clause 4.3)
• OH&S Policy (clause 5.2)
• Roles and responsibilities (clause 5.3)
• OH&S risks and OH&S opportunities (clause 6.1.1)
• Processes needed to address risks and opportunities (clause 6.1.1)
• Methodology and criteria for assessment of OH&S risks (clause
6.1.2)
• Applicable legal and other requirements (clause 6.1.3)
• OH&S objectives and plans (clause 6.2.2)
• Records of training, skills, experience and qualifications (evidence of
competence) (clause 7.2)
• Communication (clause 7.4)
• Operational controls (clause 8.1.1)
• Emergency preparedness and response (clause 8.6)
 7.5 DOCUMENTED
INFORMATION
Support - The new ISO 45001: 2018 standard provides a lot more specific requirements to place
greater emphasis on the provision of resources necessary to establish and maintain an effective
OH&S MS.
7.5 Documented • Monitoring and measurement results (clause 9.1)
information • Calibration and verification of monitoring and measuring equipment
Continued (clause 9.1)
• Evaluation of compliance obligations (clause 9.1.2)
• Internal audit program (clause 9.2.2)
• Results of internal audits (clause 9.2.2)
• Results of the management review (clause 9.3)
• Incidents and nonconformities (clause 10.1)
• Results of corrective actions (clause 10.1)

Is documented information adequately controlled to ensure that it is

available and suitable for use, where and when it is
needed and to ensure that it is adequately protected?
Is documented information appropriately identified and described (e.g. title,
date, author, ref number)?
Is documented information of external origin that the organisation
considers necessary for the planning and operation of the OHSMS
identified and controlled?
 7.5 AUDIT EVIDENCE
• Paper
• Electronic or optical computer disc
• Photograph
• Master sample
8.0 OPERATION
 8.1 OPERATIONAL
PLANNING AND CONTROL

• 8.1.1.The organisation should plan , implement control and

maintain the processes needed to meet requirements of OH&S
management system and to implement actions as determined in
clause 6 by

• Establishing criteria for the This can be done by

processes •Defining or re defining how
• Implementing the control of the work is organised.
the processes •The induction of new wokers
• Adopting work to workers •Defining or re defining ,
processes and working
conditions
Maintaining and retaining the •Using ergonomics approach
documented information to the when designing new or
extent necessary to have modifying , workplace ,
confidence that the processes equipment
have been carried out as planned .
 8.1 OPERATIONAL
PLANNING AND CONTROL

• The organisation should establish , implement and maintain

processes for elimination of hazards and reduction of OH&S risks

Elimination

Substitution

Engineering Control

Administrative control

Use of PPEs
 8.1 OPERATIONAL
PLANNING AND CONTROL
• Examples of measures at level hierarchy level

• Elimination : removing hazards , stopping using hazardous chemicals , applying

ergonomics approaching when planning / modifying facilities.
• Substitution : replacing hazardous with less hazardous ,adapting to technical
progress e.g replacing solvent based paint by water based paint
• Engineering Controls :machine guarding , ventilation systems , addressing
mechanical handling , reducing nose , protecting agains falls from height by
using guard rails

• Administrative Controls : providing training , conducting periodic safety

equipment inspections, conducting induction training , administering forklift
driving license , providing instructions on how to report incidents , managing
health or medical surveillance programme for workers who have been identified at
risk e.g related to hearing , respiratory disorders , skin disorders etc
• PPEs : safety shoes , safety glasses , hearing protections , gloves etc
 8.1 OPERATIONAL
PLANNING AND CONTROL
8. Operation - With ISO 45001:2018 you will be required to control not only implementation and
planned changes to processes, but also to unintended, unplanned changes. Where unintended
changes are made, you will have to demonstrate that you have identified any actual or potential
adverse effects and have taken action to mitigate them.
8.1.1. Operational Does the organisation plan, implement and control its operational
planning and control processes by establishing operating criteria and implementing control
of the processes in accordance with the operating criteria?

Is documented information maintained and retained to the extent

necessary to have confidence that the processes are carried out as
planned?

Important: If the organisation operates on sites where multiple

employers are operating does the organisation co-ordinate the relevant
parts of its OHSMS with the other organisations on site?
8.1.2 Eliminating Has the organisation established and implemented processes for the
hazards and elimination of hazards and reduction of OH&S risks using the hierarchy of
reducing OH&S controls?
Risks
New Requirement Note: In many countries the provision of personal protection equipment at
no cost to workers is a legal requirement. While this is not a requirement
of
ISO 45001, it is a practice that could enhance OH&S performance.
 8.1.3 MANAGEMENT
OF CHANGE
• The organisation should establish processes for implementation
and control pf planned temporary and permanent changes that
impact OH&S performance.

• Review of consequences of unintended changes leading actions

Change can result in risks & opportunities

Change management process is applicable in following situations .
• New products , services and processes or changes to existing products ,
services and processes
• Changes to legal requirements and other requirements
• Changes in knowledge or information about hazard and OH&S risks
 8.1.3 MANAGEMENT
OF CHANGE
8. Operation - With ISO 45001:2018 you will be required to control not only implementation and
planned changes to processes, but also to unintended, unplanned changes. Where unintended
changes are made, you will have to demonstrate that you have identified any actual or potential
adverse effects and have taken action to mitigate them.
8.1.3 Management of Has the organisation established a process(es) for the implementation
change and control of planned temporary and permanent changes that impact
New Requirement OH&S performance including:

 New products, services and processes or changes to existing products,

services and processes
 Changes to legal and other requirements
 Changes in knowledge or information about hazards and OH&S risks
 Developments in knowledge and technology.
 8.1.4
PROCUREMENT
• 8.1.4.1 The organisation should establish , implement and maintain
processes that to be used to determine , assess and eliminate
hazards and to reduce OH&S risks associated with products ,
hazardous materials or substances , raw materials. Equipment
before their introduction into workplace

• The organisation ’s procurement processes should address

requirements related equipment , raw material or services
purchased by the organisation.
 8.1.4
PROCUREMENT
• 8.1.4.1The organistion should verify material, equipment &
installation are safe for use by .

• This can be ensured by :

• Verifying of equipment according to specification and testing to ensure it works

as intended.
• Verifying the installations to ensure they work as designed.
• Verifying the material against specifications
• Communicating usage requirements , precautions or other proactive measures
 8.1.4.2
CONTRACTORS
• The organisation should co-ordinate procurement processes with
its contractors in order to identity hazards , to assess and to control
the OH&S risks arising from contractors ’s activities , operations ,
organisation ’s activities that impact contractor’s workers,
contractor’s activities and operations that impact other interested
parties ate workplace.

• The organisation should ensure that OH&S requirements are met

by contractors and their workers .

• OH&S criteria to be part of procurement documents .

 8.1.4.2
CONTRACTORS
• The organisation should verify that the contractors are capable of
performing their tasks before being allowed to proceed with their
work.

• This can be done by

• By varying OH&S performance records

• Qualification , experience & competence criteria for workers are specified and
have been met.
• Resources , equipment and work preparations are adequate and ready for the
work to proceed.
 8.1.4.3 OUTSOURCING
• The organisation should ensure that outsourced functions and
processes are controlled.

• In outsourced functions , it is responsibility of the organisation to ensure

the conformance to requirements of ISO 45001 : 2018.

• In some countries , the legal requirements address outsourced

functions or processes .

• The type and edge of control on outsourced processes shall be defined

with OH&S management system.
 8.1.4 PROCUREMENT
8. Operation - With ISO 45001:2018 you will be required to control not only implementation and
planned changes to processes, but also to unintended, unplanned changes. Where unintended
changes are made, you will have to demonstrate that you have identified any actual or potential
adverse effects and have taken action to mitigate them.
8.1.4 Procurement Has the organisation established and implemented a process(es) to
New Requirement control the procurement of products and services in order to ensure their
conformity to the OHSMS?

Does the organisations procurement process (es) define and apply

occupational health and safety criteria for the selection of contractors?

Does the organisation coordinate its procurement process(es) with its

contractors in order to identify hazards and to assess and control the
OH&S risks arising from:

The contractors activities and operations that impact the organisation

The organisations activities and operations that impact the contractors
workers
The contractors activities and operations that impact other interested
parties in the workplace

Does the organisation ensure that the requirements of the OHSMS are met
by contractors and their workers?

Does the organisation ensure that outsourced functions and processes are
controlled and outsourced arrangements are
consistent with legal and other requirements and with achieving the
intended outcome of the OHSMS?
 8.2 EMERGENCY
PREPAREDNESS
• The organisation should establish , implement and maintain
processes needed to prepare for and respond to potential
emergency situations

• The organisation to provide training for planned responses , carry

out periodic testing and exercising the planned response
capabilities , evaluate the performance & if required planned
response , communicating and providing relevant information to all
workers in their duties and responsibilities.

The organisation shall maintain and retain documented information on the

processes and on plans for responding to potential energy situation.
 8.2 EMERGENCY
PREPAREDNESS
8. Operation - With ISO 45001:2018 you will be required to control not only implementation and
planned changes to processes, but also to unintended, unplanned changes. Where unintended
changes are made, you will have to demonstrate that you have identified any actual or potential
adverse effects and have taken action to mitigate them.
8.2 Emergency Has the organisation established and implemented process (es) needed
preparedness and to prepare for and respond to potential emergency situations, including the
response provision of first aid?
Are the emergency plans ready to be triggered and does the organisation
have the capability to respond effectively to
emergency situations i.e. are planned response actions periodically
tested, reviewed and revised if necessary, in particular after the
occurrence of emergency situations and after tests?

Are interested parties (e.g. contractors, visitors, emergency services,

government authorities, local community as appropriate) made aware of
relevant arrangements (and where necessary trained if they are required
to participate in the emergency response)?
Are workers informed of their duties and responsibilities in emergency
situations?
Is documented information maintained and retained on the emergency
response process and plans for responding to potential emergency
situations?

Guidance 1: External auditors will either seek evidence that response

tests are being conducted at the time of the audit or they will rely on
interviews and documentation of tests completed to verify conformance
with this requirement.
Guidance 2: discrepancy found during the audit of the emergency plans
or any incident which occurred during an emergency or drill has to be
considered as a nonconformity in the system, and appropriate corrective
actions have to be taken in order to prevent recurrence.
 9.0
PERFORMANCE
EVALUATION
9.1 MONITORING , MEASUREMENT
, ANALYSIS AND PERFORMANCE
EVALUATION

• The organisation shall establish , implement and maintain

processes for monitoring , measurement , analysis and
performance evaluation.

Monitoring involves checking , supervising , critically observing or determine the status

Performance evaluation Measurement generally Analysis is the process

is an activity undertaken involves assignment of of examining data to
to determine the number to object or reveal relationship ,
suitability , adequacy events . It is the basis patterns and trends .
and effectiveness of for quantification of
subject matter to data and is generally
achieve the established associated with
objective of OH&S performance evaluation
management system. of safety programme &
health surveliience
9.1 MONITORING , MEASUREMENT
, ANALYSIS AND PERFORMANCE
EVALUATION

• In order to achieve the intended outcome of the OH&S

management system, the processes should be monitored ,
measured and analysed .

Monitoring & measurement can include

• Occupational health complaints , health of workers and work environment
• Work related incidents , injuries and ill healths including trends
• Effectiveness of operational controls and emergency exercises
• competence

Monitoring & measurement can also include

• Whether all legal requirements are determined and whether the organisation’s
documented information of them is kept up to date.
9.1 MONITORING , MEASUREMENT
, ANALYSIS AND PERFORMANCE
EVALUATION

• The organisation should ensure that monitoring and measuring

equipment is calibrated or verified as applicable .

The organisation shall retain appropriate documented information

• As evidence of results of monitoring , measurement , analysis and performance
evaluation.
• On maintenance , calibration or verification of measuring equipment
9.1 MONITORING , MEASUREMENT
, ANALYSIS AND PERFORMANCE
EVALUATION

9. Performance evaluation - The newly introduced ISO 45001:2018 recognizes the importance
of managing through the gathering and analysis of data and there is increased requirement placed
on you to implement indicators. This will lead to a far more structured assessment of OH&S
management systems and you will be expected to establish monitoring and measuring that is
relevant and reliable and that the results are evaluated and analysed.
9.1 Monitoring, Has a process (es) been established and implemented for monitoring,
measurement, analysis measurement, analysis, performance evaluation and
and performance for evaluating compliance with legal and other requirements?
evaluation

Has the organisation:

 determined what needs to be monitored and measured in order to
determine the performance of the OHSMS and evaluate its
effectiveness (e.g. progress on OH&S objectives, characteristics of
activities and operations related to the identified hazards, risks and
opportunities, and the compliance level with legal and other
requirements)?
 Determined the methods for monitoring, measurement, analysis and
performance evaluation to ensure valid results,
using calibrated, maintained equipment where appropriate?
 Determined the criteria against which your organisation will evaluate its
OH&S performance?
 Determined when monitoring and measuring is performed and
when the results are analysed, evaluated and communicated?
 Determined the frequency and methods for evaluation of compliance
with legal and other requirements?
 9.1 MONITORING , MEASUREMENT ,
ANALYSIS AND PERFORMANCE
EVALUATION
9. Performance evaluation - The newly introduced ISO 45001:2018 recognizes the importance
of managing through the gathering and analysis of data and there is increased requirement placed
on you to implement indicators. This will lead to a far more structured assessment of OH&S
management systems and you will be expected to establish monitoring and measuring that is
relevant and reliable and that the results are evaluated and analysed.
9.1 Monitoring, Has the organisation:
measurement, analysis
and performance  Evaluated the OH&S performance and determined the effectiveness of
evaluation the OHSMS?
 Evaluated compliance with legal and other requirements and taken
necessary action(s)?
 Maintained knowledge and understanding of your compliance status
with legal and other requirements?

Is documented information retained as evidence of:

 The results of monitoring, measurement, analysis and evaluation?

 The maintenance, calibration or verification of measuring equipment?
 The results of compliance evaluations?

Guidance 1: External auditors will be obtaining evidence of analysis and

evaluation of data obtained from monitoring and measurement relating to
OH&S.

Guidance 2: External auditors are not expected to conduct legal

compliance audits, but they are to evaluate whether your OHSMS
processes are effective in ensuring such compliance by the organisation.
It should be noted that legal compliance audits are not required by ISO
45001.
 9.1.2 EVALUATION
OF COMPLIANCE
• The organisation should establish processes for evaluating
compliance with legal requirements and other requirements.

• The organisation should determine :

• Frequency and method of evaluation .

• Evaluate compliance and take actions if needed.
• Maintain knowledge and understanding of its compliance status with
legal requirements and other requirements .

Retain documented information of the compliance evaluation results

9.2 INTERNAL AUDIT
• 9.2.1Organisation should conduct internal audits at planned to
verify conformance & effectiveness to OH&S standard &
organsanistion ’s own requirements of OH&S including policy and
objectives

• 9.2.2 Key aspects of audit programme include planning for audit

including frequency ,define audit criteria and scope of each audit ,
selection of auditors , conducting audits , taking actions on
nonconformities .

Retain documented information as evidence of implementation of audit

programme and audit results
 9.2 INTERNAL AUDIT
9. Performance evaluation - The newly introduced ISO 45001:2018 recognizes the importance
of managing through the gathering and analysis of data and there is increased requirement placed
on you to implement indicators. This will lead to a far more structured assessment of OH&S
management systems and you will be expected to establish monitoring and measuring that is
relevant and reliable and that the results are evaluated and analysed.
9.2 Internal audit The requirements in ISO 45001 are very similar to the requirements
found in (BS) OHSAS 18001 i.e. your organisation must:

Conduct internal audits at planned intervals in order to provide information

as to whether the OHSMS conforms to both your organisations own
requirements and the requirements of ISO 45001
Plan, establish and implement an audit programme, including the
frequency, methods, responsibilities, consultation, planning
requirement and reporting of internal audits
Take action to address any nonconformities
Retain documented information as evidence of the implementation of the
audit programme and audit results
A new requirement of ISO 45001 is that relevant audit results must now be
reported to workers and where they exist
workers representatives and other relevant interested parties
 9.2 AUDIT EVIDENCE
When third party auditors examine internal audit processes, they should
evaluate issues such as:

• The competencies that are needed for and applied to the audit,
• Objectivity and impartiality of the internal audit process
• The risk based thinking performed by the organization in planning internal
audits,
• The degree of management involvement in the internal audit process
• The guidance provided by ISO 19011
• The way the outcome of the internal audit process is used by the
organization to evaluate the effectiveness of its DMS and to identify
opportunities for improvements
• How reports are communicated to management, and for OH&SMS, to workers
and interested parties
 9.3 MANAGEMENT
REVIEW
• Top management shall review the organisation’s OH&S
performance at planned intervals to ensure suitability , adequacy
and effectiveness.

Management Review Inputs :

• Status of actions from previous management reviews
• Changes in external and internal issues that are relevant to OH&S management
system including
- the needs and expectations of interested parties
- Legal requirements and other requirements
- Risks and opportunities
• The extent to which the OH&S policy and OH&S objectives have been met
• Adequacy of resources for maintaining an effective OH&S management system
• Relevant communication with interested parties

MRM INPUTS
• Information of OH&S performance trends including
- incidents , nonconformities , corrective action and continual improvement
- Monitoring and measurement results
- Results of evaluation of compliance with legal requirements and other
requirements
- Audit results
- Consultation and participation of workers
- Risks and opportunities
 9.3 MANAGEMENT
REVIEW
• The output of management review should include decisions related
to:

Management Review Outputs

• The continual suitability , adequacy and effectiveness of OH&S management
systems in achieving its intended outcome
• Continue improvement opportunities
• Any change for change in OH&S management system
• Resources needed
• Actions if needed
• Opportunities to improve integration of OH&S management system with other
business processes
• Any implication for strategic direction of the organisation

The top management should communicate the relevant outputs of management

reviews to workers and where they exist workers’ representative

The organisation shall retain documented information as evidence of results of

management reviews
 9.3 MANAGEMENT REVIEW
9. Performance evaluation - The newly introduced ISO 45001:2018 recognizes the importance
of managing through the gathering and analysis of data and there is increased requirement placed
on you to implement indicators. This will lead to a far more structured assessment of OH&S
management systems and you will be expected to establish monitoring and measuring that is
relevant and reliable and that the results are evaluated and analysed.
9.3 Management review Do top management review the organisations OH&S at planned
intervals to ensure its continued suitability, adequacy and
effectiveness?
Is documented information retained as evidence of the results of
management reviews?
Does the management review consider:
• Status of actions from previous management reviews?

 Changes in external and internal issues that are relevant to

theOHSMS (interested parties, risks and opportunities and legal and
other requirements)?
 The extent to which OH&S policy and objectives have been met?
 Information on the OH&S performance?
 Adequacy of resources for maintaining the OHSMS?
 Relevant communications with interested parties?
 Opportunities for improvement?
Are the outputs of management reviews communicated to workers and
where they exist workers representatives?

Guidance: External auditors will be expecting a more strategically

focused management review. Context, risks and opportunities need to
be considered as well as the alignment of the OH&S to the
organisations overall strategic objectives. External auditors will be
expected to audit this clause with top management and will be
gathering evidence with senior management on corporate strategy
issues relating to the OHSMS that go beyond operational issues.
 9.3 AUDIT EVIDENCE
As outputs from the management review process, there should be
evidence of decisions regarding:
• Changes to the policy and objectives,
• Continuing suitability, adequacy and effectiveness of the DMS
• Plans and possible actions for improvements,
• Change of resources,
• Opportunities to improve integration
• Implications for the strategic direction of the organisation.
 10.0
IMPROVEMENT
IMPROVEMENTS
• 10.1 organisation should consider the results from analysis
of OH&S performance , evaluation of compliance , internal
audits and management reviews when taking actions to
improve.
 IMPROVEMENTS
10. Improvement - This section emphasizes the general need to continually improve planning,
processes and operations. To comply, you will need to demonstrate that you actively look for
opportunities for improvement and implement any necessary actions identified to achieve a better
OHSMS.
10.1 General Does the organisation determine opportunities for improvement and
implement necessary actions to achieve the intended outcome of the
OHSMS?

Note: Preventive action is no longer an explicit requirement as preventive

action is addressed through management of risks
and opportunities.
 10.1 INCIDENT,
NONCONFORMITY AND
CORRECTIVE ACTION
• The organisation should establish , implement and maintain
processes for reporting , investigating and taking action to
determine and manage incidents and nonconformities.

• The incident or non conformity management includes following.

• Containment - take action to control it and correct it, deal with the consequences
• Evaluate with participation of worker
• Determine causes
• Determine if similar incidents have occurred , if nonconformities exits or if they
could potentially occur
• Review of existing assessment of OH&S risks
• Determine and implement any action needed , including corrective action in
accordance with hierarchy of controls and management change & varying the
effectiveness.
 10.1 INCIDENT,
NONCONFORMITY AND
CORRECTIVE ACTION
• The organisation shall communicate the documented information to
relevant workers and where they exist worker’s representative and
worker’s representative and other relevant interested parties.

The organisation shall retain documented information as evidence of

• The nature of the incidents or nonconformities and any subsequent actions taken
• The results of any action and corrective actions including their effectiveness.
 10.1 INCIDENT,
NONCONFORMITY AND
CORRECTIVE ACTION
• Examples of incidents , nonconformities and corrective actions.

Incidents: fall with or Non conformities : Corrective actions : as

without injury, broken protective equipment indicated by hierarchy
leg, hearing loss non functioning , of controls eliminating
failure to fulfil legal hazards , substituting
requirements and other with less hazardous
requirements , materials , redesigning
deviations found in or modifying
internal audit equipment or tools ,
improving
competencies of
affected workers
 10.1 INCIDENT,
NONCONFORMITY AND
CORRECTIVE ACTION
10. Improvement - This section emphasizes the general need to continually improve planning,
processes and operations. To comply, you will need to demonstrate that you actively look for
opportunities for improvement and implement any necessary actions identified to achieve a better
OHSMS.
10.2 Incident, Have process (es) been established and implemented for reporting,
nonconformity and investigating and taking action(s) to determine and manage incidents
corrective action and nonconformities?

When an incident or nonconformity occurs does the organisation:

 Take action to control and correct it and deal with the consequences in
a timely manner?
 Evaluate, with the participation of workers and the involvement of
other relevant parties the need for corrective action to eliminate the
root cause(s) of the nonconformity?
 Review existing assessments of OH&S risks and other risks as
appropriate (related to clause 6.1)?
 Determine and implement any action needed in accordance with the
hierarchy of controls (clause 8.1.2) and the
management of change (clause 8.1.3)?
 Assess OH&S risks that relate to new or changed hazards prior to
taking action?
 Review the effectiveness of any action(s) taken?
 If required make changes to the OHSMS?

Is documented information retained as evidence of the nature of incidents

and nonconformities, any action(s) taken and the subsequent results and
effectiveness of the action(s) taken?
Is the documented information above communicated to relevant workers
and where they exist workers’ representatives and
other relevant interested parties?
10.2 AUDIT EVIDENCE
• Recording process
• Reporting process
• Accident investigations – includes methodology of investigation
• Communication of findings
• Corrective actions & preventative action
• Reviews of current controls
 10.3 CONTINUAL
IMPROVEMENT
• The organisations shall continually improve the suitability ,
adequacy and effectiveness of OH&S management system by

• Enhancing OH&S performance

• Promoting a culture that supports an OH&S management system
• Promoting the participation of workers in implementing actions
• Communicating the relevant results of continual improvements to workers
and where they exist worker’s representative

The organisation shall maintain nd retain documented information as evidence

of continual improvement
 10.3 CONTINUAL
IMPROVEMENT
10. Improvement - This section emphasizes the general need to continually improve planning,
processes and operations. To comply, you will need to demonstrate that you actively look for
opportunities for improvement and implement any necessary actions identified to achieve a better
OHSMS.
10.3 Continual Does the organisation strive to improve the suitability, adequacy and
improvement effectiveness of the OHSMS by:

 Enhancing OH&S performance?

 Promoting a proactive culture that provides support to the OHSMS?

 Promotes the participation of workers in the identification and

implementation of opportunities for improvement?

 Communicating the relevant results of improvement actions taken

and the results to workers and where they exist workers’
representatives?

 Maintaining and retaining documented information as evidence of

continual improvement?

Guidance 1: External auditors should be able to track the organisations

improvement process throughout the entire
OHSMS.

Guidance 2: Auditors will be seeking evidence that the organisation is

using outputs from analysis and evaluation, internal audit and
management review processes to identify improvement opportunities and
OH&S underperformance. Auditors will be assessing whether the
organisation has implemented the identified opportunities for improvement
in a planned and controlled manner and whether the whole workforce,
from top management to non-managerial workforce participated in the
process.
1. WHY AUDITING?
WHY AUDITING?
• A tool / approach / mechanism to:

• Discover and evaluate the need for certain actions

• Sustain and improve performance

• Bring about value additions

• Obtain assurance in an independent, unbiased manner

 WHAT AUDITING
IS AND IS NOT?
Auditing is …
• Management tool / approach / mechanism
Auditing is not a forum / mechanism for:
• Creating distrust
• Generating ill-will
• Engaging in verbal duels / fights
• Settling old scores
• Demonstrating one-upmanship
• Scoring brownie points
• Instilling fear through open / subtle threats
 DIFFERENT
CLASSIFICATIONS

• Internal Vs External
• Based on who conducts:
1. First Party
2. Second Party
3. Third Party
• Focus of the audit
 1ST / 2ND / 3RD
PARTY AUDIT
Client Auditor Auditee

1st party Internal Internal or external Internal

audit

2nd party audit External External Internal

3rd party audit Internal External Internal

 COVERAGE
• Policy

• Legal & other requirements, both environment and OHS.

• Issues:

• Environmental aspects and impacts

• OHS hazards, consequences and risks

• Environmental issues that also have an OHS relevance

• OHS issues that also have environmental relevance

• Management systems elements

 EHSMS AUDIT:
DEFINITION
• A systematic, documented verification process of objectively
obtaining and evaluating evidence to determine whether an
organisation’s EHSMS conforms with the EHSMS audit criteria.
 EHSMS AUDIT
CRITERIA
• ISO 14001: 2004 Environmental Management Systems
Standards

• OHSAS 18001: 2007 Occupational Health & Safety

Management Systems Standards
 EHSMS AUDITOR
REQUIREMENTS
• Information / Knowledge:

• ISO 14001 and OHSAS 18001 standards

• Aspects / impacts

• Hazards, consequences and risks

• Legal and other requirements related to both environment

and OHS.

• Audit skills:

• Preparing for, conducting and reporting on audits

 WHAT IS ISO
19011?
• ISO 19011:2002 Guidelines for Quality and/or EMS auditing

• Replaces existing guidelines on quality management as

well as EMS (ISO 14010,14011 and 14012
 TERMS AND
DEFINITIONS -
AUDIT PROGRAMME
• Programme: “set of one or more audits planned for a
specific timeframe and directed towards a specific purpose”

[Note: An audit programme includes all activities necessary

for planning, organising and conducting the audits]
 TERMS AND
DEFINITIONS -
SCOPE AND PLAN
• Scope: “extent and boundaries of an audit.” [Note: A
description of the physical locations, organisational units,
activities and processes, as well as time period covered.]

• Plan: “Description of the activities and arrangements for an

audit.”
 TERMS AND
DEFINITIONS -
AUDITEE AND
CLIENT
• Auditee: “organisation being audited”

• Client: “organisation or person requesting an audit”

 TERMS AND
DEFINITIONS - AUDIT
TEAM AND ITS MEMBERS
• Auditor: "person with the competence to conduct and audit."

• Audit Team: “One or more auditors conducting an audit,

supported if needed by technical experts.”

• Technical expert: “Person who provides specific knowledge

or expertise to the audit team.” [Note: technical expert does
not act as an auditor.]

• Audit team leader: “One auditor of the audit team appointed

as audit team leader”
 TERMS AND
DEFINITIONS - AUDIT
CRITERIA
• Set of policies, procedures or requirements.

[Note: audit criteria are used as a reference against

evidence is compare.]

• Audit criteria are defined early in the process, and then

communicated to the auditee

• The audit criteria should be defined at an appropriate level

of detail
 TERMS AND
DEFINITIONS - AUDIT
EVIDENCE
• Records, statements of facts or other information’s which
are relevant to the audit criteria and verifiable.”

[Note:Audit evidence may be qualitative or quantitative.]

 TERMS AND
DEFINITIONS - AUDIT
FINDINGS
• Results of the evaluation of the collected audit evidence
against audit criteria”.

[Note: audit findings can indicate either conformity or

nonconformity with audit criteria or opportunities for
improvements.]
 TERMS AND
DEFINITIONS - AUDIT
CONCLUSIONS
• Outcome of an audit provided by the audit team after
consideration of the audit objectives and all audit findings.”
 PRINCIPLES OF
AUDITING
• Ethical conduct

• Fair presentation

• Due professional care

• Independence

• Evidence-based approach
 PRINCIPLES -
ETHICAL CONDUCT
• Foundation of professionalism

• To ensure:

• Trust

• Integrity

• Confidentiality

• Discretion

• These are essential to auditing.

PRINCIPLES - FAIR
PRESENTATION
• Obligation to report truthfully and accurately.

• To ensure:

• Findings, conclusions and reports reflect truthfully and

accurately.

• Significant obstacles and unresolved diverging opinions

between the audit team and auditee are fully reported.
 PRINCIPLES - DUE
PROFESSIONAL CARE

• Application of diligence and judgment in auditing

• To ensure:

• Use appropriate care, diligence, skill and judgment

• Follow procedures that provide for quality assurance

• Information or documents obtained or generated during

the audit (including the final report) are not disclosed to
any third party without the permission of both the client
and, where appropriate, the auditee, unless required by
law.

• All audit team members maintain a relationship of

confidentiality and discretion with the client.
 PRINCIPLES -
INDEPENDENCE
• Basis for the impartiality of the audit and objectivity of the
conclusions

• To ensure:

• Auditors are independent

• Free from bias

• Without conflict of interest

• Maintain objectivity throughout the audit process

• Ensure that audit findings and conclusions are based on

audit evidence
PRINCIPLES - EVIDENCE-
BASED APPROACH
• Rational method for reaching reliable and reproducible audit
conclusions in a systematic audit process

• To ensure:

• Audit evidence is verifiable

• Based on samples of information available

• Appropriate use of sampling to obtain greater confidence

in the results
AUDIT ACTIVITIES
• Initiating the audit

• Conducting the document review

• Preparing for the onsite audit activities

• Conducting onsite audit activities

• Preparing, approving and distributing the audit report

• Completing the audit

• Conducting audit follow-up

 COMPETENCE &
EVALUATION OF AUDITORS

• Basis of competence and concept of competence

• Personal attributes

• Knowledge and skills

• Education, work experience, auditor training and auditor

experience

• Maintenance and improvement of competence

• Auditor evaluation
STEPS IN AN AUDIT
PROCESS

Initiating audit

Reporting

Conducting on-site Completing the audit

Conducting audit activities
document review

Follow-up

Preparing for the

on-site audit
activities
AUDIT METHODOLOGY
• Opening meeting

• Observations and recording of audit evidence

• Finalise audit findings

• Closing meeting (Present audit findings and finalise audit

report)
 OBSERVING AND
RECORDING EVIDENCES
• Follow audit plan/ route/ procedures
• Use checklists & aide-memoirs judiciously
• Use appropriate data collection method/s:
o Interviews
o Examination of documents
o Physical observation of site activities and conditions
o Review linkages
• Follow up on previous audit findings
• Manage time optimally (adequate depth and spread)
• Consult team members (Back and forth verification)
 OBSERVING AND
RECORDING EVIDENCES
• Think and adapt on-line
• Interpret the requirements of audit criteria correctly (consider
auditees viewpoints and explanations)
• Maintain objectivity and cool temper at all times
• Record legibly (Both conformance and non-conformances)
• Adopt open approach/ ask open ended questions
• Be in listening mode - maximum time
• Be a friendly professional
• Ensure scope & objectives are covered
• Fill up audit formats as per agreed protocol
• Work as a team with co-auditors/auditees/guides
AUDITORS’ APPROACH
• Meet Area representative first
• Talk to those performing the task
• Explain purpose of audit
• Be calm, polite
• Never act Superior
• Speak clearly and listen carefully
• Start with easy questions
• Do not challenge the Auditee
• Record all answers
 INFORMATION REQUIRED
• Site Information
• Management information
• Production information
• Raw materials data
• Chemical data
• Waste information
• Incidents and accidents
• Health monitoring data through personal and work-zone monitoring
• Cost information
• Key personnel
AUDIT FINDINGS
• Clear/Unambiguous

• Objective

• Supported by Evidence

• Accurate

• Identified with relevant clauses and procedures

• Identified with functional area

CATEGORISING AUDIT
FINDINGS
• Positive

• Negative
1. non-conformances
2. observations
3. suggestions
VERIFY AND ASSESS FINDINGS
AMONGST AUDITORS’ TEAM

• Audit team meets privately

• Interim meetings during audit

• On completion of audit, prior to close out

▪ Review notes and checklist
▪ Identify non-compliance
▪ Evaluate impacts of non-compliance
▪ Document findings
 FINALISATION OF
AUDIT FINDINGS
• Each auditor to review findings

• Lead auditor to take integrated review

• Check for additional data collection/site visit/documents if

necessary

• Generate factual, correct, complete and legible audit

findings in defined formats

• Review audit findings with individual auditees

• Prepare for closing meeting (process & content)

CLOSING MEETING

• Thank the auditees

• Present findings (after lead auditor’s introductory remarks)
• Ensure clear understanding
• Resolve differences
• Be open to additional information
• Present audit conclusion, if appropriate
• Give recommendations if required and if you are competent to
do so
• Discuss corrective actions/ follow up requirements
• Handover/ commit the date of final report submission
• Maintain confidentiality
Thank You!