ISO 45001 Certification: 21 FAQs answered

We've gathered in this post all the commonly asked questions about ISO 45001 Certification together with expert answers. Read on below to learn more.

Table of Contents

• What is ISO 45001?
• What is ISO?
• What is the purpose of ISO 45001?
• What is ISO 45001 Certification?
• Do You Need ISO 45001 Certification?
• Who Issues ISO 45001 Certification?
• How to Get an ISO 45001 Certificate?
• Who needs an Occupational Health & Safety Management System (OHSMS)?
• What are the Benefits of a Formal OHSMS?
• What are Risk Assessments and Risk Treatment Plans about?
• Is an Emergency Evacuation Plan sufficient to meet Preparedness and Response requirements?
• Who needs ISO 45001 Certification?
• How much does ISO 45001 Certification Cost?
• Who issues ISO 45001 Certificates?
• How to Choose a Certification Body?
• How to check the ISO 45001 Certification of an organization?
• Are £375 ISO 45001 Certificates That You Can Get Within 7 days Legitimate?
• Why is it Important to Get Certified by the Proper Certification Body?
• How to get ISO 45001 Certification?
• Do OH&S Officers or others responsible for an OHSMS need training?
• Do Internal Auditors need training?

Click on the question to go directly to the Answer

What is ISO 45001?

ISO 45001 (or to give it its full title ISO 45001:2018, Occupational Health & Safety Management Systems – requirements with guidance for use, is an internationally-recognised standard that sets out the requirement for an Occupational Health & Safety Management System (OHSMS).  

An organization is responsible for the occupational health and safety of workers and others who can be affected by its activities. This responsibility includes promoting and protecting their physical and mental health. The adoption of an OH&S management system is intended to enable an organization to provide safe and healthy workplaces, prevent work-related injury and ill health, and continually improve its OH&S performance.

It is aligned with an organization's purpose and strategic direction. It is expressed as the organizational goals and environmental programmes, policies, processes, documented information, and resources needed to implement and maintain it.

The ISO 45001 standard is based on OHSAS 18001 (developed by the British Standards Institute - BSI), conventions and guidelines of the International Labour Organization including ILO OSH 2001, and national standards.  BS OHSAS 18001 was withdrawn by BSI immediately ISO 45001 was published.

What is ISO?

The International Organization for Standardization, commonly known as ISO, is the world's largest developer of voluntary International Standards. Their collection of 21,000+ standards offers solutions and best practice guidance for all types of technology and business, helping companies and organizations to increase performance while protecting consumers and the planet.

While mostly product and technical standards, the ISO has developed 40+ management system standards. The best known of these include ISO 9001 (quality), ISO 14001 (environment), ISO 45001 (Health & Safety) and ISO 27001 (information security management). The feature they all have in common is that they are auditable, that is, they are written to facilitate auditing by an independent third party (e.g., CAB) to confirm compliance with the standards’ requirements.

For more visit ISO 45001 on the ISO website.

What is the Purpose of ISO 45001?

The purpose of an OH&S management system is to provide a framework for managing OH&S risks. The intended outcomes of the OH&S management system are to prevent work-related injury and ill health to workers and to provide safe and healthy workplaces. Consequently, it is critically important for the organization to eliminate hazards and minimize OH&S risks by taking effective preventive and protective measures.

When these measures are applied by the organization through its OH&S management system, they improve its OH&S performance. An OH&S management system can be more effective and efficient when taking early action to address opportunities for improvement of OH&S performance.

Fundamental to fulfilling achieving these objectives are two features …

1. Managing OH&S Risks -  the intentions and direction of an organization as formally expressed by its top management and consistent with the context of the organization, and
2. Improve OH&S Performance – measurable targets, generally specified for relevant functions, levels and processes in the organization – focused on improvements.

A Certified OH&S management system also assists an organization to fulfil its legal requirements and other requirements.

External Auditors will persistently pay great attention to these three issues.

For more see the ISO publication ISO 45001 Occupational Health & Safety

What is ISO 45001 Certification?

An ISO 45001 Certificate is recognition from a Certification Body – CAB (usually, an accredited Certification Body) that an organization has implemented and is maintaining an OH&S Management system that meets the requirements of ISO 45001:2018.

Do You Need ISO 45001 Certification?

Yes and No. In many cases, ISO 45001 certification can be a useful tool - especially for SMEs - to add credibility, by demonstrating through independent audit your organization’s commitment to operating in a safe and healthy manner to staff and everyone using a particular site. For some sectors, ISO 45001 certification is a contractual requirement.

Who needs an Occupational Health & Safety Management System (OHSMS)?

An OH&S Management system (OHSMS) is defined as a formalized system that provides organizations with a framework for managing OH&S risks.  The intended outcomes of the OH&S management system are to prevent work-related injury and ill health to workers and to provide safe and healthy workplaces.

So, you have an OHSMS, and the fundamental question is do we need to formalise the system. Most organizations asking themselves this question say 'yes'. And currently, there are more than 40,000 organizations globally that have a formal OHSMS, which is certified to ISO 45001. This number is growing rapidly and we would expect 250,000 certified organizations within 5 years.

What are the Benefits of a Formal OHSMS?

While helping to prevent the injury or death of a colleague tops everyone's list, here are 16 more benefits that organizations SMEs certified to ISO 45001 will enjoy ...

1. Recognized reputation as a safe place to work and you have the internationally-recognized Certificate to prove it,
2. Larger pool of qualified candidates applying to work with your business because of this reputation,
3. Reduced absenteeism and employee turnover rates as employees have objective reasons to feel safer at work,
4. Improved ability to respond to regulatory compliance issues with an improved relationship with the regulatory authorities as a consequence,
5. Reduced cost of OH&S incidents as you have a system in place to prevent their recurrence,
6. Reduced downtime and the costs of disruption to operations because of fewer OH&S incidents and, when they occur, they are dealt with systematically and efficiently,
7. Reduced cost of insurance premiums as insurance companies recognise that certified businesses make fewer, and less costly, claims,
8. Peer recognition for having achieved an international benchmark, which in turn influences current and potential customers who are concerned about their social responsibilities)
9. Improved scoring in pre-tender documents (especially from public sector organizations): helps ensure that your organization gets a chance to compete with established businesses.
10. Reduced fines if prosecuted as your certification constitutes objective evidence to a court of the seriousness with which occupational health and safety treated.
11. Potentially reduce public liability insurance costs,
12. Qualify for pre-tender and tender opportunities. This is especially true if you deal with the public sector,
13. Performance of periodic internal audits. Helps with monitoring compliance with ISO 45001 requirements and highlighting deficiencies,
14. Corrective actions to prevent recurrence of OH&S incidents. Try to make mistakes only once, if at all,
15. Informed Board of directors. It's reassuring knowing that the organization is safety concious and has a certificate t prove it.
16. Management satisfaction knowing that the organization is functioning in line with legal requirements.

What are the Actions to Eliminate Hazards and Reduce OH&S Risks about?

Clause 6.1.2 requires an organization to identift OH&S hazards and then to assess the risks and opportunities arising. Clause 4.1.3 requires the legal and other requirements (e.g., contractual) also need to be determined.    Then plans need to be developed to ...

1. address these risks and opportunities;
2. address legal requirements and other requirements.

The hazards would include (and this is only a partial list) ...

• routine and non­routine activities and situations, including hazards arising from:
  1) infrastructure, equipment, materials, substances and the physical conditions of the workplace;
  2) product and service design, research, development, testing, production, assembly, construction, service delivery, maintenance and disposal;
  3) human factors;
  4) how the work is performed;
• past relevant incidents, internal or external to the organization, including emergencies, and their causes;
• potential emergency situations;

The persons whose safety and health (medium and long-term) need to be considered include those with access to the workplace and their activities, including workers, contractors, visitors and other persons in the vicinity of the workplace who can be affected by the activities of the organization.

1. Elimination: removing the hazard; stopping using hazardous chemicals; applying ergonomics approaches when planning new workplaces; eliminating monotonous work or work that causes negative stress; removing fork-lift trucks from an area.
2. Substitution: replacing the hazardous with less hazardous; changing to answering customer complaints with online guidance; combating OH&S risks at source; adapting to technical progress (e.g. replacing solvent-based paint by water-based paint); changing slippery floor material; lowering voltage requirements for equipment.
3. Engineering controls, reorganization of work, or both: isolating people from hazard; implementing collective protective measures (e.g. isolation, machine guarding, ventilation systems); addressing mechanical handling; reducing noise; protecting against falls from height by using guard rails; reorganizing work to avoid people working alone, unhealthy work hours and workload, or to prevent victimization.
4. Administrative controls including training: conducting periodical safety equipment inspections; conducting training to prevent bullying and harassment; managing health and safety coordination with subcontractors’ activities; conducting induction training; administrating forklift driving licences; providing instructions on how to report incidents, nonconformities and victimization without fear of retribution; changing the work patterns (e.g. shifts, of workers); managing a health or medical surveillance programme for workers who have been identified as at risk (e.g. related to hearing, hand-arm vibration, respiratory disorders, skin disorders or exposure); giving appropriate instructions to workers (e.g. entry control processes).
5. Personal protective equipment (PPE): providing adequate PPE, including clothing and instructions for PPE utilization and maintenance (e.g. safety shoes, safety glasses, hearing protection, gloves).

Is an Emergency Evacuation Plan sufficient to meet Preparedness and Response requirements?

There is no way that a periodic Fire Drill will satisfy the requirement here (Clause 8.2).

1. potential emergency situations (such as fires, storms, floods, extreme heat or cold, explosions, spills or releases of hazardous materials, and natural disasters);
2. hazardous materials used on-site (and their locations)?
3. key organizational responsibilities (including emergency coordinator)?
4. arrangements with local emergency support providers?
5. emergency response procedures, including emergency communication procedures?
6. locations and types of emergency response equipment?
7. maintenance of emergency response equipment?
8. training/testing of personnel, including the on-site emergency response team (if applicable)?
9. testing of alarm/public address systems?
10. evacuation routes and exits (map), and assembly points?
    

And drills and simulations will need to be practised regularly in preparation for an actual emergency.

Who needs ISO 45001 Certification?

Organizations globally, both public and private spheres, and from every economic sector can benefit from maintaining an ISO 45001 compliant OH&S Management System (OHSMS).

What are the Benefits of Having an ISO 45001 Certification?

Beyond the prevention of death and injury there are at least sixteen benefits that organizations with an OHSMS in place can enjoy.  These we've seen above.  For the organization directly here are some more ...

1. Legal and Regulatory Compliance: As demonstrated by independent assessment by an accredited certification body,
2. Reputation: be taken seriously as a prospective supplier as the holder of ISO 45001 Certification,
3. Qualify for pre-tender and tender opportunities, especially from the public sector,
4. Status: On equal terms with the ‘big’ boys’ – the size of your organization won’t hold you back,
5. Hazard Analysis, Risk Assessment and Risk Treatment helps engender a habit of quantifying threats of all kinds to the business and then proactively dealing with them, and
6. Objectives and improvement obligation focus’ you on setting targets for improvement and then planning and implementing them in a timely manner.

You’ll find a further ten benefits at ‘Why ISO 45001 Matters to SMEs’.

How much does ISO 45001 Certification Cost?

The cost of ISO 45001 certification varies hugely based on the size of the organization, geographical location and on economic prosperity.

Let’s take the example of an SME with 10 employees. And let’s assume that the SME is not already Certified to ISO 9001, which would reduce the work required. Here are some typical prices from the UK for 2021 where we consider three scenarios …

Notes:

1. It is necessary to examine a 3-year horizon as CABs play games with their quotations that can be confusing. What is a given, however, is that CAB Audits and the associated contract must, under IAF rules, be based on a 3-year cycle.
2. No outside help. The project leader would need ISO 45001 Lead Implementer Training.  Avoid this option unless your experience is sufficient to ensure an effective OH&S management system from the outset.
3. Four days of consultancy support are included here. Priced at £ 500 p.d., consultancy costs range from £300 to £700 per day. Essential that satisfactory references are obtained for previous ISO 45001 projects.
4. Maintenance here includes 2 days annually for internal auditing and Management Review support.

The best advice in controlling costs is to shop around. And to recheck the competitiveness of your chosen CAB regularly.

For more visit ISO 45001 Lead Implementer Certification Course. 

Who Issues ISO 45001 Certificates?

The ISO develops International Standards, such as ISO 9001 and ISO 45001, but is not involved in their certification. ISO does not issue certificates so a company or organization cannot be certified by ISO. This is performed by external certification bodies. 

ISO 45001 certificates are issued by Certification Bodies (CABs) based on a comprehensive 2-stage audit (itself based on the auditing standard, ISO 19011), the CAB gathers and documents objective evidence of compliance with the requirements of ISO 45001. After a suitable review within the CAB, a Certificate is issued as is permission to use logos to publicise the fact.

For more visit UKAS, the National Accreditation Body for the United Kingdom.

How to Choose a Certification Body?

The choice of a CAB is important. An accredited CAB (e.g. BSI) should be used wherever possible and with ISO 45001 one won’t be difficult to find.

Accreditation, which is issued by a nationally-recognized Accreditation Board (e.g., UKAS) is an important confirmation as to the legitimacy of the CAB. To help ensure an international ‘level playing field’ for CAB auditing standards National Accreditation Boards have their own international organization, the International Accreditation Forum (IAF), which oversees an ongoing programme of witnessed self-assessment of IAF Members of each others’ activities.

A Certificate from an accredited CAB will carry three logos. #1 the CAB’s own logo and #2 the Accreditation Boards logo and #3 the IAF logo. If you present an ISO 45001 Certificate to a customer or potential customer that does not carry all three logos, expect to be challenged. Without a plausible explanation, you can expect your approach to be rejected.

Are £375 ISO 45001 Certificates That You Can Get Within 7 days Legitimate?

Legally speaking, yes. But the Certificate is worthless. There are ‘cowboy’ CABs (whom you should ask to explain how an organization can create 3-months of records, the minimum needed to prove maintenance of an OHSMS, in 7 days) and even ‘cowboy’ Accreditation Bodies.

With ISO 45001 certificates, making sure you have the real thing fundamentally means choosing a CAB that will get you an IAF logo on your Certificate. Ask about it by name and accept nothing else.

Why is it Important to Get Certified by the Proper Certification Body?

Remember that those reviewing tender documents are unlikely to be inexperienced. They will recognise a phoney Certificate instantly. And your offering will go directly into the rubbish bin with the hard work you’ve expended to develop products and services you are proud of totally wasted when an ISO Auditor to find such a bogus Certificate.

For more visit Is IAF Accreditation possible for all ISO Standards? and Your Accreditation Body must follow IAF Guidance.

How do you get ISO 45001 Certification?

As you will have seen in the cost data above, there are two stages in securing ISO 45001 Certification:

Stage 1. Develop, implement, and maintain a suitable OHSMS for your organization and

Stage 2. Engage the services of a CAB to undertake the necessary evaluations and audits.

Stage 1. Develop, implement, and maintain a suitable OHSMS for your organization:

Our Infographic shown here nicely illustrates the multi-step process involved in preparing for Certification (click on the infographic image to get a copy for yourself). Whichever of the three approaches you choose (or variants thereof) you will benefit from our ISO 45001 Lead Implementer Course in managing and directing your ISO 45001 Project.

Stage 2. Engage the services of a CAB to undertake the necessary evaluations and audits:

When choosing a certification body, you should:

• Evaluate several certification bodies.
• Check if the certification body auditing activities include ISO 45001:2018.
• Check if it is accredited. Accreditation is not compulsory, and non-accreditation does not necessarily mean it is not reputable, but it does provide independent confirmation of competence. To find an accredited certification body, contact the national accreditation body in your country or visit the International Accreditation Forum.

Note: the terms certification and accreditation cannot be used interchangeably, though it is not uncommon to do so. The difference between accreditation and certification is:

Certification – the provision by an independent body of written assurance (a certificate) that the product, service, or system in question meets specific requirements.

Accreditation – the formal recognition by an independent body, generally known as an accreditation body, that a certification body operates according to international standards.

For more visit International Accreditation Forum/about us/ and 10 Reasons to change your ISO Certification Body.

How to check the ISO 45001 Certification of an organization?

The IAF, after struggling with the issue for many years, launched IAF CertSearch. This is an exclusive global database for accredited management system certifications. Other databases, irrespective of the organization publishing them, should be treated with scepticism or, better still, ignored.

Currently, CertSearch has over 400,000 valid certifications across more than 150 economies covering a range of sectors, 4000 certification bodies and 68 IAF MLA signatory accreditation bodies. While highly dependable, this database is a long way from being complete when one considers that there are 1 million-plus organizations certified to ISO 9001:2015 alone. Currently, there are over 300,000 organizations worldwide certified to ISO 14001:2015 but relatively few certified to ISO 45001:2018 (though the number here is growing rapidly).

Businesses and governments can digitally validate an organization’s certification(s), in order to determine if a certificate is valid and if the Certification Body issuing the certificate is accredited to issue certifications to that standard.

The direct route is, of course, always open to you – ask the organization for a copy of their current Certificate. Many will have their Certificate on display on their website.

For more visit IAF CertSearch

Do Management Representatives or others responsible for an OHSMS need training?

The training of a Management Representative or others with day-to-day responsibility to maintain an OHSMS is NOT mandatory. Training is implied as part of developing competence but not a specific stand-alone requirement. So, unless you are determined to outsource this support indefinitely (and technically that’s not permitted), you need to train your Management Representative. And you’re in luck. We’ve got exactly the ISO 45001 course you need.

For more info, visit our ISO 45001 Lead Implementer Course page.

Do Internal Auditors need training?

Again, training here is not mandatory. But effective internal audits are essential to doing a professional job in maintaining your OHSMS and in avoiding nasty surprises at your next Certification Body audit. Also, if you don’t train them, your auditors won’t have any of the skills necessary to ‘harvesting’ those improvement suggestions from the people in your organization who actually do the work.

For more visit ISO 45001 Internal Auditor Course.

Got a Question we haven't answered?

We'd love to hear it and, if possible, answer it for you.  Just use our Support Ticket System.  You'll find a Knowledge Base there that might have an immediate answer for you. Otherwise, fill in a Ticket.

For more visit deGRANDSON Support Ticket.

Related Articles

• Free ISO 45001 Implementation Handbook (200+ pages)
• ISO 45001 Consultancy: How to be an OHSMS Consultant
• ISO 45001 Requires Risk Management & not Just Risk-based Thinking

deGRANDSON Global is an ISO Certified Educational Organization

We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which in our opinion are commercially compromised), it is based on independent third-party assessment.  It is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.