ISO 45001 Health and safety management standard
ISO 45001 is an international standard for health and safety at work developed by national and international standards committees independent of government.
Introduced in March 2018, it's replacing the current standard (BS OHSAS 18001) which will be withdrawn. Businesses have a three-year period to move from the old standard to the new one.
You're not required by law to implement ISO 45001 or other similar management standards, but they can help provide a structured framework for ensuring a safe and healthy workplace.
If your organisation is small or low-risk, you'll probably be able to demonstrate effective risk management without a formal management system. A simpler and less bureaucratic approach may be more appropriate such as that outlined in HSE's guidance on health and safety made simple.
HSE's view of ISO 45001
Implementing ISO 45001 may help your organisation demonstrate compliance with health and safety law. But, in some respects, it goes beyond what the law requires, so consider carefully whether to adopt it.
If your organisation already has a developed health and safety management structure, or you're familiar with other management standards, it may be straightforward for you to adopt ISO 45001. However, if your organisation is small, with less formal management processes, you may find it difficult to:
- interpret what the standard asks for
- gauge what proportionate implementation looks like
This may particularly be the case if you're adopting management standards to meet supply chain requirements of customers or contracting bodies.
HSE is concerned about the practical implementation of the standard, including audit and certification, and whether it can be easily tailored to work effectively for organisations of all sizes and levels of complexity in a way that's in proportion to the risks they must control.
Contracting bodies and customers should therefore ask themselves whether the supplier really needs certification to 45001, or whether they can demonstrate competence in managing health and safety using other means.
Compliance with health and safety law
HSE inspectors will continue to rely on a wide range of evidence and observations when assessing an organisation's compliance with health and safety law, not just whether they claim to meet the ISO 45001 standard or not.
Using a management system approach
HSE's guide on managing for health and safety (HSG 65) may help your organisation as it provides a clear process-based approach to risk management. However, adopting a formalised management system approach, whether HSG65 or ISO 45001, may not be the most appropriate model for your businesses, particularly if it's small or low-risk.
Your organisation can apply the standard to your activities (in full, or in part) to help provide evidence of good health and safety management, and improvements made, without getting certification. But, you can only claim to conform to the standard if it's implemented fully.
To implement ISO 45001 in a proportionate way, auditors or certifiers should understand that it needs to be:
- tailored to an organisation's size and level of complexity
- in proportion to the risks
You should ensure that any auditor or certifier you use has evidence that they're competent to a recognised standard, such as ISO 19011:2011 or the relevant parts of the ISO 17021:2011 series.
The certification body should be accredited by either the United Kingdom Accreditation Service (UKAS) for ISO 45001 or an equivalent accretion body that is member of the European Cooperation for Accreditation (EA) or the International Accreditation Forum (IAF).
The advice on this page relates solely to the health and safety management systems standard ISO 45001.
HSE continues to recognise the valuable role that product standards can play in:
- delivering consumer and worker protection
- providing a level playing field for businesses
- enabling trade with other countries
Help with ISO 45001 from outside your organisation
You can get external advice to help comply with the standard but your organisation will remain legally responsible for the day-to-day control of risk.
If you choose to use a third party (including auditors and certifiers) ask them for proof that they have experience implementing the standard proportionately across a range of business sizes, types and sectors.
You can get help finding a consultant with experience of your work by using the Occupational Safety and Health Consultants Register.