ISO 45001 needs Risk Management & not just Risk-based Thinking (RBT)


You'll need Risk Management Methods & Tools

Unlike ISO 9001, the Occupational Health and Safety Management System (OHSMS) Standard requires the application of OH&S Risk Management Methods in Clause 6.1.


What is ISO 45001:2018 About?

ISO 45001:2018 can be best summed up by the titles of the different ISO 45001 clauses, namely:

  • Actions to address risks and opportunities - general (ISO 45001:2018 Clause 6.1.1)
  • Hazard identification (in the workplace) (ISO 45001:2018 Clause
  • Assessment of OH&S risks and other risks to the OH&S management system (ISO 45001:2018 Clause
  • Assessment of OH&S opportunities and other opportunities to the OH&S management system (ISO 45001:2018 Clause
  • Legal requirements and other requirements e.g., industry codes of practice (ISO 45001:2018 Clause 6.1.3)
  • Planning action to mitigate (reduce or control) risk (ISO 45001:2018 Clause 6.1.4)

The question then is: what tools and methods can be used to effectively assess workplace hazards and guide us towards effective actions to control them?  Below are some answers.



Analysis of Risk Assessment Tools and Methodologies for OH&S Management Systems

A useful review of risk assessment tools and methods was included in OHSAS 18001. We’ve updated it. 

A word of warning: in using these tools, there is a tendency not to review and update them regularly. This is a serious mistake, as the initial use is frequently based largely on expert opinion, whereas reviews and updates are based on outcomes and measurements; in short, facts.

Assessment Tools Comparison: Strengths and Weaknesses

Checklists / Questionnaires

Strengths:

  • Easy to use
  • Use can prevent "missing something" in initial evaluations

Weaknesses:

  • Often limited to yes/no answers
  • Only as good as the checklist used - it may not consider unique situations

Risk Matrices

Strengths:

  • Relatively easy to use
  • Provides visual representation
  • Doesn't require the use of numbers

Weaknesses:

  • Only 2-dimensional - can't consider multiple factors impacting risk
  • A pre-determined answer may not be appropriate to the situation

Ranking / Voting Tables

Strengths:

  • Relatively easy to use
  • Good for capturing expert opinion
  • Allows for consideration of multiple risk factors (e.g. severity, probability, detectability, data uncertainty)

Weaknesses:

  • Requires use of numbers
  • If the quality of the data is not good, the results will be poor
  • Can result in comparison of incomparable risks

Failure mode and effects analysis (FMEA); Hazard and operability studies (HAZOP)

Strengths:

  • Good for detailed analysis of processes
  • Allows input of technical data

Weaknesses:

  • Needs expertise to use it
  • Needs numerical data to input into analysis
  • Takes resources (time & money)
  • Better for risks associated with equipment than those associated with human factors

Exposure Assessment Strategy

Strengths:

  • Good for analysis of data associated with hazardous materials and environments
  • A fundamental activity if the consistency of approach and realistic evaluation of risk is to be achieved

Weaknesses:

  • Needs the expertise to use
  • Needs numerical data to input
  • Often requires the use of workplace monitoring and measuring equipment

Computer Modelling

Strengths:

  • If you have the data, computer modelling can give good answers
  • Best for larger workplaces where enough data is more likely available
  • Generally, uses numerical inputs and is less subjective

Weaknesses:

  • Significant time and money needed to develop and validate
  • Potential for over-reliance on the results, without questioning their validity


Examples of Applications of Risk Assessment Tools

For an effective site-wide OH&S Risk Assessment, a combination of these tools is needed. For example, checklists are often best for assessing human workplace activities, while FMEAs are frequently chosen for assessing workplace processes (where the assessment focuses, step by step, on the activities that make up the process).



Where to Get Risk Management Tools

Our ISO 45001 training courses, ISO 45001 Lead Implementer and ISO 45001 Transition Training, both include Risk Management Tools in their ISO 45001 Documentation Toolkit.








deGRANDSON Global is an ISO Certified Educational Organization

In October 2021 we secured certification to three education-related ISO Standards. We now have a university-grade management system in place conforming to the requirements of:

  • ISO 21001, Educational Organizational Management System,
  • ISO 29993, Learning Services outside formal Education, and
  • ISO 29994, Learning Services – additional requirements for Distance Learning.

We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which in our opinion are commercially compromised), it is based on independent third-party assessment.  It is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.


Written by Dr John FitzGerald

Director & Founder of deGRANDSON Global. Spent 15 years in the manufacturing industry and 25 years training, consulting & auditing management systems