Jack Sehkon and Associates Inc.

Core elements of an ISO 45001 based OHSMS

Learn about the 10 clauses of Occupational Health & Safety Management System.

Introduction to OHSMS

An Occupational Health and Safety Management System (OHSMS) is essential for providing a safe workplace by preventing injuries and ensuring compliance with OHS regulations. Learn more about OHSMS requirements.

Core elements of Ohsms

Clause 1 - Scope of ISO 45001 Standard

Indirectly conveys the message why do you need an OHSMS. It covers if you need to provide a healthy and safe workplace and comply with applicable OHS statutory/regulatory requirements, then you need to adopt ISO 45001 based OHSMS. It also covers any exclusions from clause 8 as long as that exclusion does not impact on your organization’s ability to deliver products that meet customer requirements and statutory/regulatory requirements.

Clause 2 - Normative References

 No references.

Clause 3 - Terms and definitions

It covers 37 definitions.

Clause 4 - Organizational Context

Clauses 4.1 and 4.2 Understanding Organization Context

Covers identifying internal and external issues along with stakeholders relevant to your organization’s OHSMS intended outcomes. This can be achieved using SWOT and PESTLE tools combined with risk assessment (Organizational Risk Register) to develop a strategic plan supported by OHS operational plan (policies and procedures) at the working level. Finally, it requires monitoring and reviewing of internal/external issues/stakeholders to ensure these remain relevant. 

Clause 4.3

Scope ‘Scope’ of OHSMS is determined based on workplace products and services activities ( employee driven and outsourced) as well as internal/external issues and relevant stakeholders. It provides provision for exclusion from clause 8 based on justification. The scope must be documented.

Clause 4.4 OHSMS and Processes

Refers to overall OHSMS and technically covers all ISO 45001 clauses in the form of text based on PDCA cycle. It especially covers workplace processes identification based on process approach model and can be termed as Functional Process Lists. Finally, it generically covers the extent of documented information to be maintained and retained for the whole OHSMS.

Clause 5 - Leadership

Clause 5.1/5.2 Leadership Commitment

Relates to obligations from leadership with respect to OHSMS. Some of the key ones include ensuring alignment of OHSMS with the strategic plan, delivery of intended outcomes of OHSMS, being accountable for the OHSMS and promoting the process approach and risk-based thinking. It additionally requires leadership and commitment with respect to a healthy and safe workplace.

Clause 5.2 Policy

Requires leadership to take a direct role in establishing, implementing, and maintaining an OHS policy consistent with strategic plan and 5 required commitments. The OHS policy must be documented.

Clause 5.3 Roles/Responsibilities/Authorities

Requires leadership to ensure roles/responsibilities /authorities are assigned, communicated, understood, and documented for the development, implementation, and maintenance of OHSMS and its integrity.

Clause 5.4 Consultation and participation of workers

Requires the organization to establish, implement and maintain a process(es) for consultation and participation of workers at all applicable levels and functions, in the overall aspects of the OH&S management system. 

It requires the organization to establish a positive environment and culture for consultation and participation through relevant OHS information and removal of any obstacles/barriers. 

It emphasizes the consultation of non-managerial workers on several topics related to OHSMS.

Finally, it emphasizes the participation of non-managerial workers in specific OHSMS aspects.

Clause 6 - Planning

Clause 6.1.1 Actions to Address Risks and Opportunities

Requires organizational risks to be determined based on organizational context and stakeholders. Furthermore, these risks require to be mitigated in conjunction with OHS operational risks identified in Clause 4.4. The effectiveness of risk mitigation is also required. This clause provides the framework for OHSMS which is pivotal for a prevention based OHS management system. Relevant documented information is retained.

6.1.2 Hazard identification and assessment of risks and opportunities Hazard identification 

It is required to establish, implement, and maintain a process(es) for hazard identification that is ongoing and proactive. The process(es) considers work organization, social factors, leadership, culture, routine and non-routine activities and situations, including hazards arising from overall infrastructure phases such as operation, design, construction, service delivery and maintenance as well as ergonomics. Assessment of OH&S risks and other risks to the OH&S management system 

It is required to have an overall process to assess OH&S risks from the identified hazards with controls in place, determine and assess the other risks related to OH&S management system. The methodology(ies) and criteria for the assessment ensures the assessed risks are proactive rather than reactive. It is required to maintain and retain documented information. Assessment of OH&S opportunities and other opportunities for the OH&S management system 

It is required to have a process(es) to assess OH&S opportunities to enhance OH&S performance. These processes could include organizational overall change management, ergonomics, reduction of OHS hazards/risks.

6.1.3 Determination of legal requirements and other requirements 

It is required to determine and have access to up-to-date legal requirements and other requirements that are applicable to its hazards, OH&S risks, and OH&S management system.

Also required is to determine how these legal requirements and other requirements apply to the organization and what needs to be communicated.

Finally, how these requirements are considered into the overall design of OHSMS. It is required to maintain and retain documented information.

6.1.4 Planning action 

It is required to take action to address these risks and opportunities, prepare for and respond to emergency situations, integrate the actions into its OH&SMS management system processes or other business processes, and evaluate the effectiveness of these actions by taking into account the hierarchy of controls. 

Clause 6.2 OHS Objectives and Means to Achieve Them

OHS objectives require to be established based on results of risk assessments, applicable requirements, results of consultation and participation including compliance with applicable OHS statutory/regulatory requirements.

The objectives could be static or dynamic and must be measurable, consistent with OHS policy and established at various functions and levels depending upon the size and nature of the organization.

The objectives could be targeted towards processes, compliance, OHSMS performance, and employee engagement. The objectives must be documented.

In addition, objectives are required to be supported by programs that address various steps, responsibilities, resources, and timelines.

Clause 6.3 Planning of Changes

ISO 45001 Standard requires a change management system for OHSMS. The change management system must cover change identification, change consequences assessment including responsibilities to maintain the integrity of OHSMS.

Looking to certify your organization's Ohsms?

Contact JSA Inc. for questions related to your company’s OHSMS certification. Our proven and successful strategies can help you achieve OHSMS certification without any delays and hassles. Hire JSA for certification project!

Clause 7 - Support

Clause 7.1. General Resources

This clause covers the determination and provision of all resources (human and infrastructure) for the development, implementation, and maintenance of OHSMS. 

7.2 Competence

It is required to establish necessary competence for employees based on training, education and experience for the effectiveness of OHSMS. Training needs are identified, and gaps are addressed through CBT, buddy system and job observation. It is also required to assess the effectiveness of the actions taken. Appropriate evidence of competence is required to be retained.

 7.3 Awareness

It is required to cause awareness of OHSMS that can be done through the following:

  • Process Lists or workplace activities
  • Strategic Plan
  • OHS and organizational Risk Registers
  • OHS Policy/Objectives
  • Safe Work Procedures
  • Safe Work Instructions
  • Supporting Tools
  • OHS Legal Register

7.4 Communication

This requires internal and external OHSMS communication based on who, what, when and how.

7.5 Documented Information

This clause requires maintaining and retaining documented information for the OHSMS based on:

  • Requirements of ISO 45001 Standard defined in clause by clause.
  • Requirements determined by your organization based on process/workplace activities identification and functional OHS risk registers.

In addition, requirements for documented information controls are defined that can include:

  • New document approval for adequacy and suitability
  • On-going review based on risk assessment.
  • Typical documented information controls
  • Identification of documents of external origin and their control.

Clause 8-Operation

8.1. Operational Planning and Control

8.1.1 General

This clause requires planning, implementing, and controlling the processes identified through process identification and risk assessment (clause 4.4 and 6.1) and implement action identified in clause 6 by:

  • Defining the OHS hazards/risks.
  • Developing processes or safe work procedures
  • Identifying the criteria for all processes (including outsourced processes) pertaining to clauses 4 through 10 including acceptance criteria for safe work activities.
  • Providing necessary resources for reduction/elimination of OHS hazards/risks
  • Executing the planned processes

One of the ways to achieve the above could be using a Health and Safety or OHS Plan.

The last requirement is to determine and maintain/retain documented information for high risk processes/safe work activities.

8.1.2 Eliminating hazards and reducing OH&S risks 

It is required to have a process(es) for the elimination of hazards and reduction of OH&S risks using the hierarchy of controls that includes elimination, substitution, engineering controls, administrative controls, and personal protective equipment. 

8.1.3 Management of change 

It is required to have a process(es) for the implementation and control of planned temporary/permanent changes that impact OH&S performance, including new products, services and processes aspects, changes to legal/other requirements, changes/developments in knowledge/technology or information about hazards and OH&S risks. 

8.1.4 Procurement General 

It is required to have a process(es) to control the procurement of products and services to ensure they will not impact workplace safety and health. Contractors 

It is required to coordinate and implement procurement process(es) with acceptance criteria with contractors to identify hazards and to assess and control the OH&S risks arising from the contractors’ activities/operations and the organization’s activities/operations affecting them and the stakeholders. Outsourcing 

It is required to control outsourced functions and processes consistent with legal requirements and other requirements. The type and degree of control is defined within the OH&S management system.

8.2 Emergency preparedness and response 

It is required to have a process(es) in place to prepare for and respond to potential emergency situations. 

The above process includes a planned response to emergency situations, providing training, periodically testing and exercising the planned response capability, evaluating performance, communicating and providing relevant information to all workers/contractors/mutual aid personnel on their duties and responsibilities. It is required to maintain and retain documented information.

Clause 9-Performance Evaluation

9.1 Monitoring, measurement, analysis, and evaluation 

9.1.1 General 

This clause requires to determine regarding monitoring and measuring: 

  • What – legal requirements, workplace activities and associated OHS hazards/risks, progress on OHS objectives, and operational controls effectiveness 
  •  methods (how to) – monitor/measure/analyze/evaluate 
  • Criteria – for performance
  • when – when to analyze and evaluate results. 

It is required to retain appropriate documented information as evidence of the results. 

9.1.2 Evaluation of compliance 

It is required to have a process(es) for evaluating compliance with legal requirements and other requirements. The process includes the frequency and method(s) for the evaluation of compliance, evaluation of compliance, and taking action if needed, and maintaining knowledge and understanding of its compliance status with legal requirements and other requirements.

It is required to retain documented information of the compliance evaluation result(s).

9.2 Internal audit 

It is required to conduct internal audits at defined schedule to provide information on whether the OHS management system conforms to: 

  • the organization’s own requirements for its OHS management system. 
  • the requirements of ISO 45001 Standard; and
  • is effectively implemented and maintained. 

It requires that an audit program planned, established, implemented and maintained based on specific requirements:

  • Include the frequency, methods, responsibilities, planning requirements and reporting, based on risk assessment, changes affecting the organization, and the results of previous audits. 
  • define the audit criteria and scope for each audit. 
  • select auditors and conduct audits to ensure objectivity and the impartiality of the audit process. 
  • ensure that the results of the audits are reported to relevant management. 
  • take appropriate corrections and corrective actions without undue delay. 
  • retain documented information as evidence of the implementation of the audit program and the audit results. The documented information could include audit plan, audit checklist, audit procedure, audit report, process requirements matrix, risk matrix.

9.3 Management review 

This clause is an excellent tool for leadership to demonstrate their commitment to OHSMS by ensuring that OHSMS continues to be suitable, adequate and effective and aligned with strategic plan. 

Following management review inputs based on analyzed data are required to be addressed:

  •  the status of actions from previous management reviews (outstanding items) 
  • changes in external and internal issues that are relevant to the OHS management system (SWOT and PESTLE) 
  • information on the performance and effectiveness of the OHS management system, including trends in: 
    • the extent to which OHS objectives have been met. 
    • Monitoring and measuring results. 
    • Incidents, nonconformities, corrective actions and improvement (NCR KPIs)
    • monitoring and measurement results (testing, inspection, review, verification, and validation KPIs) 
    • audit results (Audit KPIs)
    • consultation and participation results 
    • compliance evaluation results 
    • risks and opportunities (risk register validation) 
    • opportunities for improvement. 

It is required that the outputs of the management review include decisions and actions with timelines and responsibilities related to: 

  • opportunities for improvement. 
  • any need for changes to the OHS management system; 
  • resource needs. 
  • Implications to strategic direction
  • Integration of OHSMS with other management systems

It is required to retain documented information as evidence of the results of management reviews.

Consult JSA today to get started!

Clause 10 -Improvement

10.1 General 

The process to determine and select opportunities for improvement and implement any necessary actions to eliminate OHS hazards/risks must include:

  • Proactive risk assessment 
  • correcting, preventing or reducing undesired effects. 
  • improving the performance and effectiveness of the OHS management system.

10.2 Incident, Nonconformity and corrective action 

when a non-conformity occurs, including any arising from complaints, it is required to

  1. react to the nonconformity and, as applicable: 
  • take action to control and correct (immediate fix) it. 
  • deal with the consequences resulting from nonconformity such as work stoppage.
  1. b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by: 
  • reviewing and analyzing the nonconformity using process approach. 
  • determining the causes (root) of the nonconformity using a proven methodology
  • determining if similar nonconformities exist or could potentially occur.
  • Assessing current OHS risks
  1. c) implement any action needed such as corrective action 
  2. d) review the effectiveness of any corrective action taken by observing the symptoms recurrence. 
  3. e) update risks and opportunities determined during planning (risk register), if necessary; 
  4. f) make changes to the OHS management system using change management system, if necessary. 

Corrective actions must be based on fiscal sanity.

It is required to retain documented information on the nature of the nonconformities and any subsequent actions taken, and the results of any corrective action. 

10.3 Continual improvement 

This is the last clause to reap the benefits of all the work done so far. It is required to continually improve the suitability, adequacy, and effectiveness of the OHS management system by enhancing OHS performance, promoting appropriate OHS culture, promoting the participation of workers in OHSMS, and communicating the results of continual improvements.

ohsms hierarchy of controls

Looking to get certified? We offer online training courses!

ISO 45001 (OHSMS) Resources

  • ISO 45001:2018 Standard – Learn what is ISO 45001, Who needs it, how it is achieved, what is risk based thinking & more.
  • What is Ohsms? – Learn what is OHSMS, its requirements, benefits, importance, how to implement it and more.
Case Studies
Scroll to Top