News & Commentary on ISO Management System Standards

    ISO 45001 Needs Both Risk Management & Risk-based Thinking


    You'll need Risk Management Methods & Tools.

    Unlike ISO 9001, the Occupational Health and Safety Management System (OHSMS) Standard requires the application of OH&S Risk Management Methods in Clause 6.1.

    What is ISO 45001:2018 About?

    ISO 45001:2018 can be best summed up by the titles of the different ISO 45001 clauses, namely:

    • Actions to address risks and opportunities - general (ISO 45001:2018 Clause 6.1.1)
    • Hazard identification (in the workplace) (ISO 45001:2018 Clause
    • Assessment of OH&S risks and other risks to the OH&S management system (ISO 45001:2018 Clause
    • Assessment of OH&S opportunities and other opportunities to the OH&S management system (ISO 45001:2018 Clause
    • Legal requirements and other requirements e.g., industry codes of practice (ISO 45001:2018 Clause 6.1.3)
    • Planning Action  to mitigate (reduce or control) risk (ISO 45001:2018 Clause 6.1.4)

    The question then is: what tools and methods can be used to effectively assess workplace hazards and guide us towards effective actions to control them?  Below are some answers.

    CTA Gap Analysis ISO 45001


    Analysis of Risk Assessment Tools & Methodologies for OHSMS

    A useful review of risk assessment tools and methods was included in OHSAS 18001. We’ve updated it. 

    A word of warning: in using these tools: there is a tendency not to regularly review and update them.  This is a serious mistake as the initial use is frequently based largely on expert opinion whereas reviews and updates are based on outcomes and measurements – in short - facts.

    Assessment Tools Comparison: Strength and Weaknesses

    Assessment Tool



    Checklists/ Questionnaires

    Easy to use

    Use can prevent "missing something" in initial evaluations

    Often limited to yes/no answers

    Only as good as the checklist used - it may not consider unique situations

    Risk Matrices

    Relatively easy to use

    Provides visual representation

    Doesn't require the use of numbers

    Only 2-dimensional - can't consider multiple factors impacting risk

    A pre-determined answer may not be appropriate to the situation

    Ranking / Voting Tables

    Relatively easy to use

    Good for capturing expert opinion

    Allows for consideration of multiple risk factors (e.g. severity, probability, detectability, data uncertainty)

    Requires use of numbers

    If the quality of the data is not good, the results will be poor

    Can result in comparison of incomparable risks

    Failure mode and effects analysis (FMEA);

    Hazard and operability studies (HAZOP)

    Good for detailed analysis of processes

    Allows input of technical data

    Needs expertise to use it

    Needs numerical data to input into analysis

    Takes resources (time & money)

    Better for risks associated with equipment than those associated with human factors

    Exposure Assessment Strategy

    Good for analysis of data associated with hazardous materials and environments

    A fundamental activity if the consistency of approach and realistic evaluation of risk is to be achieved

    Needs the expertise to use

    Needs numerical data to input

    Often requires the use of workplace monitoring and measuring equipment

    Computer Modelling

    If you have the data, computer modelling can give good answers

    Best for larger workplaces where enough data is more likely available

    Generally, uses numerical inputs and is less subjective

    Significant time and money needed to develop and validate

    Potential for over-reliance on the results, without questioning their validity


    Examples of Applications of Risk Assessment Tools

    For an effective site-wide OH&S Risk Assessment a combination of these tools is needed. For example, in assessing human workplace activities checklists are often best; while FMEAs are frequently chosen for the assessment of workplace processes (where the assessment is focused in a step-by-step manner on the activities that go to make up the process).

    ISO 45001 e-Book


    Where to Get Risk Management Tools

    Our ISO 45001 training courses, ISO 45001 Lead Implementer and ISO 45001 Transition Training, both include Risk Management Tools in their ISO 45001 Documentation Toolkit.


    Table thumbnail showing the full list of ISO 45001 training courses that deGRANDSON offers and a button leading to its overview page.  


    Click on the image thumbnail to see the table of courses in full size or click on the buttons on the other side to go to our ISO 45001 course overview or FAQ pages.


    Related Articles

    deGRANDSON Global is an ISO Certified Educational Organization

    In October 2021 we secured certification to three education-related ISO Standards.  We now have a university-grade management system in place conforming to the requirements of  …

    • ISO 21001, Educational Organizational Management System,
    • ISO 29993, Learning Services outside formal Education,  and
    • ISO 29994, Learning Services – additional requirements for Distance Learning.

    We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which in our opinion are commercially compromised), it is based on independent third-party assessment.  It is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.


    Written by Dr John FitzGerald

    Director & Founder of deGRANDSON Global. Spent 15 years in the manufacturing industry and 25 years training, consulting & auditing management systems
    Find me on:

    Subscribe to Email Updates

    Recent Posts