You'll need Risk Management Methods & Tools
Unlike ISO 9001, the Occupational Health and Safety Management System (OHSMS) Standard requires the application of OH&S Risk Management Methods in Clause 6.1.
What is ISO 45001:2018 About?
ISO 45001:2018 can be best summed up by the titles of the different ISO 45001 clauses, namely:
- Actions to address risks and opportunities - general (ISO 45001:2018 Clause 6.1.1)
- Hazard identification (in the workplace) (ISO 45001:2018 Clause 6.1.2.1)
- Assessment of OH&S risks and other risks to the OH&S management system (ISO 45001:2018 Clause 6.1.2.2)
- Assessment of OH&S opportunities and other opportunities to the OH&S management system (ISO 45001:2018 Clause 6.1.2.3)
- Legal requirements and other requirements e.g., industry codes of practice (ISO 45001:2018 Clause 6.1.3)
- Planning Action to mitigate (reduce or control) risk (ISO 45001:2018 Clause 6.1.4)
The question then is: what tools and methods can be used to effectively assess workplace hazards and guide us towards effective actions to control them? Below are some answers.
Analysis of Risk Assessment Tools and Methodologies for OH&S Management Systems
A useful review of risk assessment tools and methods was included in OHSAS 18001. We’ve updated it.
A word of warning: in using these tools: there is a tendency not to regularly review and update them. This is a serious mistake as the initial use is frequently based largely on expert opinion whereas reviews and updates are based on outcomes and measurements – in short - facts.
Assessment Tools Comparison: Strength and Weaknesses |
||
Assessment Tool |
Strengths |
Weaknesses |
Checklists/ Questionnaires |
Easy to use Use can prevent "missing something" in initial evaluations |
Often limited to yes/no answers Only as good as the checklist used - it may not consider unique situations |
Risk Matrices |
Relatively easy to use Provides visual representation Doesn't require the use of numbers |
Only 2-dimensional - can't consider multiple factors impacting risk A pre-determined answer may not be appropriate to the situation |
Ranking / Voting Tables |
Relatively easy to use Good for capturing expert opinion Allows for consideration of multiple risk factors (e.g. severity, probability, detectability, data uncertainty) |
Requires use of numbers If the quality of the data is not good, the results will be poor Can result in comparison of incomparable risks |
Failure mode and effects analysis (FMEA); Hazard and operability studies (HAZOP) |
Good for detailed analysis of processes Allows input of technical data |
Needs expertise to use it Needs numerical data to input into analysis Takes resources (time & money) Better for risks associated with equipment than those associated with human factors |
Exposure Assessment Strategy |
Good for analysis of data associated with hazardous materials and environments A fundamental activity if the consistency of approach and realistic evaluation of risk is to be achieved |
Needs the expertise to use Needs numerical data to input Often requires the use of workplace monitoring and measuring equipment |
Computer Modelling |
If you have the data, computer modelling can give good answers Best for larger workplaces where enough data is more likely available Generally, uses numerical inputs and is less subjective |
Significant time and money needed to develop and validate Potential for over-reliance on the results, without questioning their validity |
Examples of Applications of Risk Assessment Tools
For an effective site-wide OH&S Risk Assessment a combination of these tools is needed. For example, in assessing human workplace activities checklists are often best; while FMEAs are frequently chosen for the assessment of workplace processes (where the assessment is focused in a step-by-step manner on the activities that go to make up the process).
Where to Get Risk Management Tools
Our ISO 45001 training courses, ISO 45001 Lead Implementer and ISO 45001 Transition Training, both include Risk Management Tools in their ISO 45001 Documentation Toolkit.

Click on the image thumbnail to see the table of courses in full size or click on the buttons on the other side to go to our ISO 45001 course overview or FAQ pages.
Related Articles
- 10 reasons why ISO 45001 matters to SMEs
- ISO 45001 Certification: 21 FAQs answered
- Free ISO 45001 Implementation Handbook (200+ pages)
- ISO 14971 Risk Management: 12 FAQs answered
- The Swiss Cheese Model of Risk Management Explained
deGRANDSON Global is an ISO Certified Educational Organization
In October 2021 we secured certification to three education-related ISO Standards. We now have a university-grade management system in place conforming to the requirements of …
We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which in our opinion are commercially compromised), it is based on independent third-party assessment. It is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.