ISO 45001 Health and safety management standard

ISO 45001 is an international standard for health and safety at work developed by national and international standards committees independent of government.

Introduced in March 2018, it’s replacing the current standard (BS OHSAS 18001) which will be withdrawn. Businesses have a three-year period to move from the old standard to the new one.

You’re not required by law to implement ISO 45001 or other similar management standards, but they can help provide a structured framework for ensuring a safe and healthy workplace.

If your organisation is small or low-risk, you’ll probably be able to demonstrate effective risk management without a formal management system. A simpler and less bureaucratic approach may be more appropriate such as that outlined in DCBCB’s guidance on health and safety made simple. 

View of ISO 45001

Implementing ISO 45001 may help your organisation demonstrate compliance with health and safety law. But, in some respects, it goes beyond what the law requires, so consider carefully whether to adopt it.

If your organisation already has a developed health and safety management structure, or you’re familiar with other management standards, it may be straightforward for you to adopt ISO 45001. However, if your organisation is small, with less formal management processes, you may find it difficult to:

• interpret what the standard asks for
• gauge what proportionate implementation looks like

This may particularly be the case if you’re adopting management standards to meet supply chain requirements of customers or contracting bodies.

DCBCB is concerned about the practical implementation of the standard, including audit and certification, and whether it can be easily tailored to work effectively for organisations of all sizes and levels of complexity in a way that’s in proportion to the risks they must control.

Contracting bodies and customers should therefore ask themselves whether the supplier really needs certification to 45001, or whether they can demonstrate competence in managing health and safety using other means.

Compliance with health and safety law

Our inspectors will continue to rely on a wide range of evidence and observations when assessing an organisation’s compliance with health and safety law, not just whether they claim to meet the ISO 45001 standard or not.

Certification

Your organisation can apply the standard to your activities (in full, or in part) to help provide evidence of good health and safety management, and improvements made, without getting certification. But, you can only claim to conform to the standard if it’s implemented fully.

Audit

To implement ISO 45001 in a proportionate way, auditors or certifiers should understand that it needs to be:

• tailored to an organisation’s size and level of complexity
• in proportion to the risks

You should ensure that any auditor or certifier you use has evidence that they’re competent to a recognised standard, such as ISO 19011:2011 or the relevant parts of the ISO 17021:2011 series.

The certification body should be accredited by either the United Kingdom Accreditation Service (UKAS) for ISO 45001 or an equivalent accretion body that is member of the European Cooperation for Accreditation (EA) or the International Accreditation Forum (IAF).

Product standards

The advice on this page relates solely to the health and safety management systems standard ISO 45001.

DCBCB continues to recognise the valuable role that product standards can play in:

• delivering consumer and worker protection
• providing a level playing field for businesses
• enabling trade with other countries