ISO 45001 FAQ’s

We often receive questions about ISO 45001 Occupational Health and Safety certification.

We’ve compiled the most commonly asked questions and provided our answers below, which we hope helps.

Speak with our knowledgeable team on 0333 242 8633.

The HSWA of 1974 doesn’t help you improve your compliance or performance. It is simply a law that states what your legal duties are as an employer towards your employees and to anyone else affected by your organisation’s activities. You have to abide by this law.

Putting in place an occupational health and safety management system (OHSMS) like ISO 45001 gives you the framework and tools to comply with that law in a structured way.

ISO 45001 is the replacement for OHSAS 18001, rather than a simple update.

OHSAS stands for “Occupational Health and Safety Assessment Series” rather than an International Standard.

One of the main differences between the two relates to the elevated role of top management. Health and safety has to be incorporated into the broader management of your organisation such that senior management have to take a stronger leadership role. One of those responsibilities is to ensure that the views of all stakeholders is heard.

But perhaps the most fundamental difference is the general shift in emphasis. Whereas OHSAS 18001 focused on risk, ISO 45001 also puts an emphasis on identifying opportunities. This is to help eliminate hazards that exist now and which may arise in the future.

ISO 45001 has adopted what’s called the Annex SL High Level Structure, around which other standards like ISO 9001 and ISO 14001 are also built. This common structure means you can create an Integrated Management System.

Find out what we have learnt about ISO 45001 since it was introduced in March 2018 with our free webinar here

A policy is a broad principle which aligns with your organisation’s purpose and strategic direction. It describes your legal and moral commitment. A policy can often easily be stated on one side of a sheet of paper. It’s not about details. Just search online for ‘health and safety policy’ to get examples from other organisations. Your policy must be in writing.

In fact, regardless of whether you are aiming for ISO 45001 certification or not, UK law says that every business must have a policy for managing health and safety. If you have five or more employees, it has to be in writing. Clause 5.2 of ISO 45001 details how the policy statement should be set out.

As described in supporting ISO documentation, a procedure is a ‘specified way to carry out an activity or a process’ and a process is a ‘set of interrelated or interacting activities which transforms inputs into outputs’.

It could be said that a process is what happens, procedures describe how it happens.

A work instruction is more detailed still and dictates exactly how a certain task should be performed.

It’s worth mentioning the term ‘process approach’ here. It’s regarded as one of the pillars of management systems. It’s a way of managing your activities as a system of processes, rather than as people, products and departments. It means you take a holistic view, rather than taking a ‘silo mentality’. A process approach involves establishing effective and efficient processes that are consistently followed and improved upon. It’s the basis for most management standards.

There is no one size fits all for processes and procedures. These should be bespoke to each individual organisation based on context, scope and size.

Clause 6.2 of ISO 45001 deals with ‘objectives and planning to achieve them’.

Normally, objectives are often see as perhaps being a little vague. But that’s not the case in ISO world. Objectives should be SMART:



Achievable (sometimes agreed)

Realistic (or relevant) and

Time-bound (or timely)

The key word here is realistic. If something is unattainable, then your Objective should reflect that. There is no point in aiming for something that cannot be achieved.

If you do want to make broader and more ambitious statements, then your OHS policy is the best place for that.

ISO systems in general have required you to keep less and less documented information as the years have gone by. But you still need to keep some documented information, not least to provide evidence to the auditor. It’s also just good management practice. Here’s a list of what you’re required to keep:

  • Scope of the OHSMS (clause 4.3)
  • OHS policy (clause 5.2)
  • Responsibilities and authorities within OHSMS (5.3)
  • OHS process for addressing risks and opportunities (6.1.1)
  • Methodology and criteria for assessment of OHS risks (
  • OHS objectives and plans for achieving them (6.2.2)
  • Emergency preparedness and response process (8.2)

Then you also need to keep mandatory records. This is the stuff that the auditor will use to determine the effectiveness of your system. If you’re a Health & Safety professional or have H&S responsibilities, you probably keep a lot of this anyway, to record and monitor performance – it’s just that different terminology may be used in the ISO 45001 standard. See our plain English guide to ISO 45001 to help you here. Here’s a list:

  • OHS risks and opportunities and actions for addressing them (clause 6.1.1)
  • Legal and other requirements (clause 6.1.3)
  • Evidence of competence (7.2)
  • Evidence of communications (7.4.1)
  • Plans for responding to potential emergency situations (8.2)
  • Results on monitoring, measurements, analysis and performance evaluation (9.1.1)
  • Maintenance, calibration or verification of monitoring equipment (9.1.1)
  • Compliance evaluation results (9.1.2)
  • Internal audit program (9.2.2)

Yes. ‘Annex SL’, as it is known, is an ISO document which has been created to introduce identical core text and common terms and definitions across recent ISO management systems standards. This structure helps to:

  • Streamline standards
  • Encourage standardisation
  • Ease the integration of management systems


This means there is no duplication of common parts, making the implementation and management of your ISO standards much more efficient and effective, saving you time and money.

The time is now! ISO 45001 will not only help you improve your OHS performance, it can help you win more tenders as it increasingly becomes a contractual requirement.

‘Annex SL’, as described above, makes adding new ISO standards easier than ever, with less duplication and lower costs.

You can download the free ISO 45001 Gap Analysis from ISOQAR. If you’re currently implementing your system, it can be used to help identify what more work needs to be done. (If you’ve not started yet, it gives an idea of what’s involved.)

This all depends on your commitment, resources and on the ‘scope’ of your system. It may be that you don’t want to certify all of your sites and services/products. So, the narrower the ‘scope’, the quicker you can build your system.

The ISO 45001 management system is extremely digestible and relatively straightforward to implement. Generally, most companies work on a 3 month process from the Stage 1 visit (the first stage of the audit known as the Initial Assessment) to the Stage 2 visit (certification).

A quick phone call to a UKAS certification body can advise on ‘scope’ and what’s involved in the process.

No. You don’t need any prior qualifications – anybody can implement ISO 45001. However, you may want to do some ISO auditor training, even if it’s just a one day foundation/awareness course.

The best place to go to learn what your legal obligations are as an employer is the Health and Safety Executive website. It’s full of useful resources.

ISO 45001 is the most popular standard along with ISO 9001 Quality Management and ISO 14001 Environmental Management. Many organisations implement a couple or all three of them.

Most clauses in ISO systems are mirrored. These are not separate systems joined together, rather they are an integrated management system with linkages so that similar processes are seamlessly managed and executed without duplication.

The greatest divergence is, not surprisingly, to be found under Operation (clause 8), so pay particular attention to that clause.

If you don’t know much about ISO 45001, watch our five minute video What is ISO 45001?

Then get a copy of our plain English Guide to the Requirements of ISO 45001. At this stage, just flick through to get a flavour of what it’s all about.

Then give the ISOQAR team a call for a chat about what’s involved.

ISO 45001 is relevant to ANY sector and to any business of any size. It also works alongside any existing ISO certification you may already have. In fact, if you already have one ISO standard, implementation and maintenance of additional standards will be easier.

The cost depends on the number of audit days, your sector, the number of sites and the scope of your management system. ISOQAR is very competitive, and we don’t have any hidden costs like management fees, so we could give you a pleasant surprise!

Make sure your certificate is UKAS accredited

Not all certificates are equal. You need to make sure your certificate is issued by a body that has been accredited by the government-recognised United Kingdom Accreditation Service (UKAS).

A UKAS accredited certification body like ISOQAR undergoes regular rigorous inspections by UKAS to check we are operating to the highest standards.

This means that when you hold a certificate from a UKAS accredited body, you can be sure it’s more meaningful. Certificates that are issued by bodies which are not UKAS accredited are often not accepted.

UKAS accredited certificates are accepted across the world as evidence that you meet global standards of best practice.

Ready to go? Start your journey with Alcumus ISOQAR today

Choose from a phone call or an email quote, to find a format that suits you and your business