BSI Standards Publication: Occupational Health and Safety Management Systems


BS 45002‑0:2018

BSI Standards Publication

Occupational health and safety management systems

Part 0: General guidelines for the application of ISO 45001


BS 45002‑0:2018 BRITISH STANDARD

Publishing and copyright information

The BSI copyright notice displayed in this document indicates when the document was last issued.

The British Standards Institution 2018

Published by BSI Standards Limited 2018

ISBN 978 0 580 92725 6

ICS 03.100.01; 13.100

The following BSI references relate to the work on this document:


Committee reference HS/1
Draft for comment 17/30334814 DC;

Amendments/corrigenda issued since publication

Date Text affected

© THE BRITISH STANDARDS INSTITUTION 2018 – ALL RIGHTS RESERVED



Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
Figure 1 — The PDCA cycle
5 Leadership and worker participation
6 Planning
7 Support
8 Operation
9 Performance evaluation
Figure 2 — Typical audit process
10 Improvement
Bibliography


Foreword
Publishing information
This part of BS 45002 is published by BSI Standards Limited, under licence from The British
Standards Institution, and came into effect on 31 March 2018. It was prepared by Technical
Committee HS/1, Occupational health and safety management. A list of organizations represented
on these committees can be obtained on request to their secretary.

Supersession
This British Standard, including its constituent parts, replaces BS OHSAS 18002:2008 and BS 18004:
2008, which are withdrawn.

Use of this document


As a guide, this part of BS 45002 takes the form of guidance and recommendations. It should
not be quoted as if it were a specification or a code of practice and claims of compliance cannot
be made to it.

Presentational conventions
The guidance in this standard is presented in roman (i.e. upright) type. Any recommendations are
expressed in sentences in which the principal auxiliary verb is “should”.
Commentary, explanation and general informative material is presented in smaller italic type, and does
not constitute a normative element.
Where words have alternative spellings, the preferred spelling of the Shorter Oxford English
Dictionary is used (e.g. “organization” rather than “organisation”).
Websites referred to in this standard were last viewed on 1 February 2018.

Contractual and legal considerations


This publication does not purport to include all the necessary provisions of a contract. Users are
responsible for its correct application.
Compliance with a British Standard cannot confer immunity from legal obligations.


Introduction
An occupational health and safety (OH&S) management system can help an organization
manage health and safety in the workplace for workers and other people affected by the
organization’s activities.
Organizations wishing to implement an OH&S management system for the first time, or generally
improve OH&S performance, can use this document without direct reference to ISO 45001.
Organizations that wish to claim compliance with the requirements in ISO 45001 need to refer
directly to ISO 45001 when using this document.
This British Standard provides a framework to help organizations successfully implement an OH&S
management system based on ISO 45001, in a way that is proportionate to the organization's
specific health and safety risks. For example, organizations with less complex and/or less hazardous
operations often have a good idea of their main workplace risks whether there is an existing
management system in place or not. ISO 45001 and this guidance provide a framework for managing
OH&S risks in a more structured way and for identifying any gaps that need to be addressed.
ISO 45001, like other ISO management system standards, is based on the Plan – Do – Check – Act
(PDCA) cycle and uses risk-based thinking as a method of identifying risks and opportunities in all
parts of the cycle to improve performance and minimize negative outcomes.
The guidance needs to be followed in a way that reflects the hazards identified and their related
OH&S risks, without adding unnecessary levels of complexity or cost. Similarly, this guidance
recommends that organizations only create or store documented information if it is necessary for
the effective establishment, implementation and maintenance of the OH&S management system, or
required by law. When considering the supply chain, organizations need to note that smaller and/or
less complex organizations can have less extensive documented information and still meet relevant
requirements.
NOTE 1 For further guidance, see and the Health and Safety Executive (HSE) guidance, Health and Safety Made
Simple (http://www.hse.gov.uk/simple-health-safety/).

NOTE 2 Under UK law, organizations cannot delegate legal responsibility for the day-to-day control of their OH&S
risks even if third-party expertise, advice or services are used.

1 Scope
This British Standard describes the intent of individual clauses in ISO 45001 and provides guidance
to help organizations implement an OH&S management system based on ISO 45001.
NOTE This British Standard does not add to, subtract from, or in any way modify the requirements of ISO 45001,
nor does it prescribe mandatory approaches to implementation.

2 Normative references
There are no normative references in this document.
NOTE Organizations can use this document without direct reference to ISO 45001, however, organizations that
wish to claim conformity to ISO 45001 should refer directly to ISO 45001 when using this document.


3 Terms and definitions


For the purposes of this document, the terms and definitions given in ISO 45001 apply.
NOTE 1 There are a number of terms defined in ISO 45001, including commonly used terms. However, when using
ISO 45001 it is important to take note of these technical definitions to ensure there is no misunderstanding in
its application. For example, small businesses do not always realize that the term “organization” refers to small
businesses as well as larger companies (or public bodies, charities, etc.). Organization can also be used to describe
one part of a business, e.g. one department or one site – if that is the extent of the OH&S management system.
Similarly, the term “top management” refers to whoever directs or controls the organization – the top level decision-
maker(s). In practical terms, top management can mean a small business owner, the executive board or, in a non-
hierarchical structure, everyone involved in taking high level decisions.

The definition of “worker” is also worth noting. In ISO 45001 worker is all-inclusive and refers to everyone working
under the control of the organization, including business owners, executive boards, senior managers, interns,
volunteers, all employees and contractors.

The dictionary definition for participation relates to the action of taking part in something, whilst in the application
of ISO 45001 it means specific involvement in decision-making, e.g. jointly undertaking a risk assessment and
agreeing actions, being involved in deciding the organization’s OH&S policy and objectives.

NOTE 2 All of the terms and definitions within ISO 45001 can be found on the ISO Online Browsing Platform:
http://iso.org/obp.

4 Context of the organization


COMMENTARY ON CLAUSE 4
This clause provides guidance on understanding what an organization is and does, and what can affect
an organization’s ability to manage its OH&S responsibilities and achieve its intended outcomes.
This includes identifying interested parties, together with their needs and expectations, which assists
in determining the scope of the organization’s management system and putting in place the processes
needed to support it.

4.1 Understanding the organization and its context


How issues relating to context are determined depends on the size and/or complexity of the
organization, e.g. a multi-national organization can have different sites, departments and activities,
and therefore, the processes used to identify issues should reflect this complexity. A one-person
business is likely to be less complex and as such, assessing issues relating to context can be simpler.
The nature of the organization is as important as its size, e.g. a five-person chemical manufacturer can
have complex issues and use multiple processes to determine them, whilst a large factory producing a
single product might find it appropriate to discuss context in a routine meeting.
The organization should identify all relevant issues (i.e. any that can affect the OH&S management
system and its intended outcomes) and then determine those that require further attention (see 6.1).
“External” issues can include, but are not limited to:
a) relationships with external providers such as contractors or suppliers;
b) new technologies;
c) key drivers or perceptions relevant to the organization’s industry or sector (e.g. a move from high
street retailing towards more online business can affect OH&S issues);
d) cultural, social and political factors;
e) relevant legislation;
f) location of operation(s); and
g) changes to any of the above.
“Internal” issues can include, but are not limited to:
1) the size, nature and activities (e.g. what it does or makes) of the organization;
2) the way the organization is managed and its business objectives;
3) resources, knowledge and competence (e.g. financial capital, numbers and capabilities of
workers, technologies);
4) planned or foreseeable changes and how these are managed.
NOTE These lists are not exhaustive, nor do all of the issues given as examples necessarily apply to every
organization.

Depending on the size and/or complexity of operations, a simple approach such as asking
“what if” questions can be useful; alternatively, structured methods such as SWOT (Strengths,
Weaknesses, Opportunities and Threats) or PESTLE (Political, Economic, Social, Technological, Legal,
Environmental) analysis can be used.
ISO 45001 does not require a formal process or that documented information (e.g. a written or
electronic record of what was done or what the conclusions are) is created to prove that issues
relevant to the OH&S management system have been determined, although this can be useful. It is up
to each organization to decide what suits their needs.

4.2 Understanding the needs and expectations of workers and other interested parties
An organization should identify interested parties who can affect or could be affected by the OH&S
management system. These are the “relevant” interested parties.
Interested parties can include, but are not limited to:
a) workers at any level;
b) customers;
c) legal and regulatory authorities;
d) parent organizations;
e) external providers, including suppliers, contractors and subcontractors;
f) workers’ organizations (e.g. trade unions) and employers’ organizations;
g) owners, shareholders, clients, visitors;
h) insurers;
i) the local community;
j) the general public; and
k) the media.
The organization should take the time to understand its relevant interested parties’ needs and
expectations, determining the ones that are relevant to the OH&S management system and should
be addressed.
In some instances, the needs and expectations of different interested parties can overlap with each
other and with those of the organization and these can therefore be considered together, e.g. both the
media and local community can be concerned about the safety around a construction site – it is the
issue that is important, not the various interested parties.


4.3 Determining the scope of the OH&S management system


Once the organization has determined its external and internal issues (see 4.1) and understands the
needs of relevant interested parties (see 4.2) it should consider what the OH&S management system
is to cover, e.g. an organization can choose to cover everything it does on all sites or limit it to a single
physical location.
The scope of the management system should include all of the activities under the organization's
control (or influence) that can impact the OH&S performance.
EXAMPLE
Control
If a shop implements an OH&S management system it should ensure that deliveries and operations in
the stockroom are covered, as well as activities on the shop floor.
Influence
Before sending workers to operate at an external site, an organization should engage with the site
operators to ensure that information is shared on:
a) health and safety risks associated with that site that can affect the organization’s workers; and
b) precautions necessary to ensure work can be carried out safely and without risk to health.
Once the scope is defined, the concept of “organization” in ISO 45001 and in this British Standard
is limited to what the scope covers, e.g. if the scope of the OH&S management system is limited to a
particular team or department, the rest of the organization is now considered an external provider or
other interested party.
The scope should be kept as documented information, in a format relevant to the organization, e.g. an
electronic or paper document, audio or video recording or a visual representation.

4.4 OH&S management system


The OH&S management system should reflect the context of the organization, e.g. be proportionate to
its size and/or complexity and be properly resourced.
The OH&S management system should be aligned and integrated with other business processes and
objectives to ensure that OH&S performance is not compromised to ensure that other objectives can
be met, e.g. delivery objectives should not mean working so fast that it leads to safety short-cuts.
The organization should apply a PDCA approach towards its OH&S management system, as illustrated
in Figure 1.
a) Plan – decide what the organization wants to achieve (taking into account the needs of interested
parties, risks and opportunities), and put in place the necessary processes and resources.
b) Do – put the plans into action.
c) Check – monitor and measure processes and performance against requirements and what you
want to achieve.
d) Act – take actions on lessons learned and to improve performance.


Figure 1 — The PDCA cycle

NOTE Further guidance on PDCA in relation to OH&S is provided by the HSE (http://www.hse.gov.uk/managing/plan-do-check-act.htm).

5 Leadership and worker participation


COMMENTARY ON CLAUSE 5
This clause provides guidance on how to demonstrate leadership related to the OH&S management
system and ensure adequate worker participation in its development, implementation and improvement.
This includes developing an OH&S policy, outlining roles, responsibilities and authorities for the OH&S
management system, and the processes necessary for consultation and participation of workers.

5.1 Leadership and commitment


Leadership, commitment and active support from top management are critical for the success of the
OH&S management system and achieving its intended outcomes. If workers see that top management
takes OH&S performance seriously, this cascades down through the organization and helps establish
a positive OH&S culture.
Leadership and commitment can be shown by, for example:
a) aligning the OH&S management system with the organization’s business objectives;
b) making sure the necessary resources are available;
c) encouraging workers and other relevant interested parties to get actively involved in improving
OH&S performance;
d) involving everyone in OH&S decision-making that affects them;
e) promoting open discussion about OH&S matters; and
f) ensuring the emphasis is on improvement rather than blame.
The organization can improve OH&S culture by, for example:
1) providing clear and consistent leadership;
2) promoting formal and informal involvement of workers;
3) making sure rules or processes are practical and proportionate to the risks;
4) responding to serious incidents by applying appropriate rules and safeguards rather than
imposing measures across all activities regardless of need; and
5) considering long-term, delayed and hidden impacts, e.g. extended time between exposure to a
hazard and ill health.

5.2 OH&S policy


OH&S policy is a set of commitments to achieve positive OH&S outcomes.
The responsibility for establishing, implementing and maintaining an OH&S policy rests with the
organization’s top management.
To meet the requirements of ISO 45001 the OH&S policy should be available as documented
information (see 7.5).
Commonly accepted practice is a one-page statement of key principles, however, the policy could
also be presented as a poster, a web page or anything else which meets the organization’s needs and
complies with legal or other requirements.
NOTE Under UK legislation, there is no requirement for businesses employing less than five people to create a
"written" policy; however, workers need to be able to state what the policy is.

In developing its OH&S policy, an organization should ensure the agreed commitments align with
other policies in the organization and that workers understand the overall commitment of the
organization to OH&S.
The policy should take account of:
a) the current OH&S situation and what the organization wants to achieve;
b) broader business objectives; and
c) opportunities for improving the health and safety of workers.
The policy should be reviewed periodically to ensure that it remains relevant and appropriate to the
organization. It is up to the organization how often this review is done.
If changes are made, the revised policy should be communicated, as appropriate.

5.3 Organizational roles, responsibilities and authorities


Top management is responsible for the OH&S management system, even if day-to-day decisions and
work are delegated to others. What is delegated and to whom should be clear and communicated
effectively so that anyone affected understands who is responsible for what.

5.4 Consultation and participation of workers


Involvement of workers in the OH&S management system and the processes that support it is a
key requirement of effective OH&S management as it enables the organization to make informed
decisions and increases worker engagement.
Workers involved in day-to-day activities and those closest to the risk can provide insight into
potential problems. Decisions made jointly with these workers are more likely to be effective. The
organization does not need to involve every worker in every decision, however, or act on every
suggestion. Consultation and participation should be both effective and proportionate, e.g. purchase
of a new first aid kit does not need consultation or participation of all workers.
It is up to the organization to determine the best way(s) of ensuring effective consultation
and participation and whether it needs to set up formal mechanisms such as health and safety
committees. Once mechanisms have been determined, it is important that they are given full top
management support. Consultation is about seeking workers' views, and considering them, before
making a decision; participation is about joint decision-making, e.g. jointly assessing risks and
agreeing actions, or deciding the organization's OH&S policy and objectives.
A small organization can include all workers in discussions and decision-making. For larger
organizations, it can be more effective to consult with one or more workers’ representatives than
attempt to consult with large numbers of workers directly. Other mechanisms for consultation
and participation include, for example, focused team meetings, workshops, worker surveys and
suggestion schemes.
The organization should take into account the specific issue(s) being considered when choosing
the best way to find out workers’ views and how much time and resource should be devoted to
consultation and participation on a particular topic. Relevant non-managerial workers affected by
the issue should be involved in deciding what the best mechanism is to ensure their concerns are
addressed and to encourage engagement.
The organization should ensure that processes for consultation and participation of workers include
contractors and other relevant people, e.g. volunteers or people working in parts of the organization
not covered by the management system but carrying out work under the organization’s control. This
can include, for example, consultation with contractors on issues such as dealing with hazards which
might be new or unfamiliar to them.

6 Planning
COMMENTARY ON CLAUSE 6
This clause provides guidance on how to plan for the OH&S management system, including identifying
and assessing the risks and opportunities associated with it and the actions necessary to deal with these
risks and opportunities.
This includes hazard identification, determining legal requirements and other requirements, i.e. other
commitments the organization has made, and setting objectives for improvement.

6.1 Actions to address risks and opportunities


6.1.1 General
The overall purpose of planning for the OH&S management system is:
a) to determine the risks that can affect OH&S performance and the management system;
b) to manage these risks; and
c) to determine where there are opportunities to improve OH&S performance and the OH&S
management system.
Planning should be proportionate to the level of risk identified and the objectives of the organization
as a whole, taking into account the context of the organization, including the needs and expectations
of relevant interested parties (see Clause 4).
Whilst the organization should consider all potential risks to OH&S performance, it is not necessary
to keep detailed documented information for all of them. The focus should be on those hazards which
are most likely to occur and/or have the most impact and lead to the most significant risks.
For opportunities, focus should be on those that can realistically be acted upon, with priority given to
those that can most improve performance.


6.1.2 Hazard identification and assessment of risks and opportunities

6.1.2.1 Hazard identification


Hazard identification helps the organization recognize and understand hazards in the workplace
in order to plan how to eliminate them and reduce risks. The process should identify work-related
sources, situations or circumstances with the potential to cause injury or ill-health.
Hazard identification should be an on-going process, not a singular or timed event. It should take
into account normal activities, day-to-day fluctuations (e.g. variations caused by holidays, illness or
staff changes) and planned changes, such as a major refurbishment. The process should look at both
physical aspects, including facilities, equipment, materials, substances, and the working environment
(light, noise, temperature) and human factors, including the potential for human error.
Ways of identifying hazards can vary, e.g. an organization can begin by looking around the
workplace, looking at manufacturers’ instructions, reviewing past accidents/incidents and by
consulting workers.
Hazards can be categorized in many ways, for example:
a) physical (e.g. working at height);
b) chemical, biological (e.g. viruses, bacteria, harmful plants);
c) psychosocial (e.g. stress, bullying, harassment);
d) physiological (e.g. extreme temperatures); and
e) mechanical and/or electrical.
Checklists can be used as a reminder of the types of potential hazards, however, such checklists are
never exhaustive.
NOTE Further guidance on hazard identification is provided by the HSE (http://www.hse.gov.uk/risk/identify-the-hazards.htm).

6.1.2.2 Assessment of OH&S risks and other risks to the OH&S management system
Each organization should choose an appropriate way to assess risks, taking into account its own
situation and activities. Whatever methods are chosen, they should be appropriate in balancing levels
of risk with detail, complexity, time, cost and availability of reliable data.
Workers involved in the day-to-day activities should participate in the assessment of risks so that a
full understanding is gained.
Some organizations develop generic risk assessments for typical activities taking place in different
sites or locations. These can be a useful starting point for developing customized assessments for
a particular situation. This approach can also help make the process more efficient and improve
consistency of assessments for similar tasks. Care should be taken, however, to ensure that generic
assessments fully consider the differing contexts of sites or situations.
The organization should consider the consequences of both short-term and long-term exposure to
hazards and how risks can be increased by other factors, e.g. exposure to fumes in a well-ventilated
space can present a much lower risk than the same exposure in a confined space, but the level of risk
can be increased by additional factors such as extreme temperature or prolonged exposure.
NOTE 1 For further information, see the HSE guidance on control of substances hazardous to health (http://www.hse.gov.uk/coshh/index.htm).

The organization should consider the appropriate methodology and criteria for assessing risks
associated with different types of hazards, e.g. methods for assessing stress differ from those related
to exposure to chemicals.


If an assessment method uses descriptions for assessing severity or likelihood of harm, they should
be clearly defined, e.g. clear definitions of terms such as likely/unlikely, minor/major/catastrophic
are needed to ensure that people interpret them in the same way.
Particular attention should be given to the risks to sensitive (e.g. pregnant workers) and vulnerable
groups (e.g. young workers, inexperienced workers).
NOTE 2 For further information, see the HSE guidance (http://www.hse.gov.uk/vulnerable-workers/).

The organization should also consider risks which are not directly related to the health and safety
of people but which affect the OH&S management system itself and can have an impact on its
intended outcomes.
Risks to the OH&S management system include:
a) failure to address the needs and expectations of relevant interested parties;
b) inadequate planning or allocation of resources;
c) an ineffective audit programme;
d) poor succession planning for key roles; and
e) poor engagement by top management.

6.1.2.3 Assessment of OH&S opportunities and other opportunities to the OH&S management system
Opportunities to improve OH&S performance can include:
a) considering hazards and risks when planning and designing a new facility, buying equipment or
introducing a new process and other planned changes;
b) alleviating monotonous work or work at a pre-determined work rate by ensuring workers are
rotated to other activities; and
c) using technology to improve OH&S performance, e.g. automating high-risk activities.
Opportunities to improve the OH&S management system can include:
1) making top management’s support for the OH&S management system more visible, e.g.
through communications such as social media or highlighting OH&S performance in strategic
business plans;
2) improving the organizational culture related to safety and training;
3) enhancing incident investigation processes;
4) increasing worker participation in OH&S decision-making; and
5) collaborating with other organizations in forums which focus on OH&S.

6.1.3 Determination of legal requirements and other requirements


An organization’s legal requirements and other requirements depend on its context (see Clause 4)
and the requirements can change over time. They include requirements based on hazards and OH&S
risks related to the organization’s activities (see 6.1.2) and can include:
a) legal requirements, such as:
1) regulations and supporting HSE codes of practice;
2) orders issued by regulators, e.g. an improvement or prohibition notice by the HSE or local
authority inspector;
3) permits, licences or other forms of authorization; and
b) other requirements such as:
1) requirements of parent or partner organizations, customers and insurers;
2) collective bargaining agreements;
3) voluntary adherence to sector or trade body guidance;
4) agreements with workers and other interested parties;
5) conformity to voluntary standards, codes of practice, technical specifications,
charters, etc; and
6) public commitments of the organization or its parent organization.
To fulfil all requirements, the organization should ensure that legal requirements and other
requirements can be identified, evaluated for applicability, accessed, communicated and kept up
to date, e.g. by visiting regulatory websites and receiving notifications of new laws, or by receiving
updates from trade associations.
Legal requirements and other requirements relevant to an organization are applicable to its:
1) activities;
2) processes;
3) equipment;
4) materials;
5) workers; and
6) location(s), including specific facilities.
The organization should ensure that relevant workers know how to access information on applicable
legal requirements and other requirements. It isn’t necessary to keep copies of the requirements;
knowing how to access them and being able to do so when needed is enough.
NOTE For guidance on legal requirements, see the HSE website (http://www.hse.gov.uk/managing/legal.htm).
Trade bodies and other organizations can also provide guidance.

6.1.4 Planning action


The organization should ensure specific plans are in place for the elimination of hazards and
reduction of OH&S risks, either through the OH&S management system or through other business
systems, e.g. business continuity, financial or human resource management, or a combination
of processes.
When a need to control hazards is identified, the planning activity should determine how the controls
are implemented (see Clause 8). Controls can sometimes take the form of measuring or monitoring
(see Clause 9). The effectiveness of the actions taken to control hazards can be measured through the
OH&S management system or through other management systems.

6.2 OH&S objectives and planning to achieve them


6.2.1 OH&S objectives
The organization should establish objectives in order to maintain and improve the OH&S
management system and to achieve continual improvement in OH&S performance.
Objectives should be linked to the OH&S risks, opportunities and performance criteria which the
organization has identified as having the highest priority. These should be proportionate to the scale,
complexity and nature of the organization, e.g. for a small and/or low risk organization one or two
simple objectives could be sufficient.


Once a level of performance has been achieved and no further improvement is practicable, an
objective can be set to maintain that level of performance until new opportunities are identified.
Types of objectives can include those to:
a) achieve a numerical value (e.g. reduce manual handling incidents by 20%, increase OH&S
training by 20%);
b) eliminate hazards or introduce controls (e.g. noise reduction);
c) introduce less hazardous materials in specific products;
d) increase worker satisfaction in relation to OH&S (e.g. by acting on worker suggestions);
e) increase awareness of, or competence in, performing work tasks safely; and
f) meet legal requirements before they come into force.
OH&S objectives can be broken down into tasks, depending on the size of the organization,
complexity of the objective and the intended timescale.

6.2.2 Planning to achieve OH&S objectives


When planning to achieve its OH&S objectives, the organization should determine:
a) what is to be done and by when;
b) the resources needed;
c) who is responsible; and
d) how the results are to be evaluated.
The organization should decide how OH&S objectives are documented and how it plans to achieve
them, e.g. it can develop formal project plans for complex objectives with multiple tasks or choose to
create a simple flow chart or bullet point list for simple objectives.
NOTE It can sometimes be useful to keep information on the background and reasons for particular objectives, to
help with future review, but this is not a requirement.

7 Support
COMMENTARY ON CLAUSE 7
This clause provides guidance on the support needed to ensure the OH&S management system can
function effectively, including the resources, competence, communication, awareness and requirements
for documented information.

7.1 Resources
The organization should decide on the resources needed to achieve OH&S objectives, e.g. money,
people, equipment, organizational knowledge, and any constraints, e.g. budget, schedules, that should
be taken into account.

7.2 Competence
To improve OH&S performance, it is important that both the organization and individual workers
understand what it means to be “competent” and how this can be achieved and demonstrated.
Competence includes being able to spot hazards and assess risks as well as having the ability to
perform activities in a way that protects the health and safety of workers.
The organization should ensure competence requirements are established, and that workers have
the relevant competence to carry out their activities in a safe and healthy way. The competence
of workers typically comprises a mixture of education, training, skills, and experience and can be
demonstrated in different ways, including formal qualifications.
As well as a general understanding of competence requirements, the organization and its workers
should identify tasks that require a specific level of competence before they can be carried out, e.g.
welding or non-destructive testing. It might also be necessary for workers to be formally qualified for
some tasks, e.g. forklift or truck driving.
When a worker does not meet, or no longer meets, competence requirements, action should be taken.
Actions can include, but are not limited to:
a) mentoring the worker;
b) providing training and/or supervision;
c) simplifying the work or activity so that competence requirements are reduced without
compromising OH&S performance; and/or
d) re-assigning work to someone with the necessary competence.
The organization should evaluate the effectiveness of actions taken to increase competence. For
example, the organization can ask workers who have received training whether they consider
themselves to have achieved the necessary competence to do their work or assess the worker’s
competence through role play, peer review or supervision.
When work is carried out by an external provider, the organization can put in place additional
controls such as specifying competence requirements in contracts or service level agreements, or
performing audits of the outsourced activities or functions. The organization is responsible for
determining the action to be taken and this can vary, depending on how critical the competence is in
ensuring OH&S objectives are met.
The organization should retain appropriate documented information that provides evidence of a
worker’s competence, e.g. existing HR and other information such as CVs or training logs.

7.3 Awareness
Every worker should be made aware of the OH&S management system, what it is trying to achieve,
how it affects them and how their own actions can affect it. This is achieved when workers fully
understand their own responsibilities and authority to act, and how their actions contribute to the
achievement of OH&S objectives and the effectiveness of the OH&S management system.
Workers should also be made aware of relevant hazards and related OH&S risks that can impact
them, including those that might not be related to their individual activities, e.g. hazards arising from
other activities taking place nearby. Any investigations into incidents that relate to these hazards or
risks, or a potential situation that could affect workers, should also be communicated, along with any
corrective actions taken to prevent repeat incidents. Appropriate communication (see 7.4) is key to
achieving the necessary level of awareness.

7.4 Communication
7.4.1 General
It is up to the organization to decide how it communicates information about the OH&S management
system to workers. Communications should be suitable for the audience, taking into account diversity
such as gender, language, culture, literacy and disability.
The communications needs of shift workers, remote workers and part-time workers should be met,
as appropriate.


It is also important to consider the complexity of the organization to ensure that messages are
communicated effectively across different levels and functions, e.g. whilst in some situations a page
on the intranet or an email might work, in others a one-to-one or team meeting, poster, video or
handy wallet card might be more effective.

7.4.2 Internal communication


Communication within the organization should include information relating to:
a) top management’s commitment to the OH&S management system (e.g. programmes undertaken
and resources committed to improving OH&S performance);
b) how workers can raise concerns and/or make suggestions;
c) the OH&S policy, including what it means at a practical level for workers;
d) the identification of hazards and their related risks (e.g. information on process flows, materials
in use, equipment specifications and observation of work practices) and opportunities that the
organization intends to act on;
e) OH&S objectives and actions being taken to improve performance;
f) progress in eliminating OH&S hazards and risks (e.g. status reports showing the progress of
projects that have been completed or are underway);
g) changes that might impact the OH&S management system; and
h) incident investigation (e.g. the type of incidents that are taking place, factors that can contribute
to the occurrence of incidents, the outcomes of investigations and resulting actions).

7.4.3 External communication


Communication with people outside the organization can differ from internal communication. The
extent of the communication should be related to the OH&S risks faced by external interested parties
such as contractors and other visitors, as well as the local community and emergency services,
and take into account any relevant legal requirements and other requirements, e.g. statutory
incident reporting.
It is important to develop and maintain arrangements for communicating with contractors and
other visitors to the workplace. This can be done in different ways, depending on what needs to be
communicated and who it needs to be communicated to.
Contracts are often used to communicate OH&S performance requirements to external providers
such as contractors, but the organization should also use methods such as on-site induction to raise
awareness to individual workers of relevant hazards and risks, local rules and precautions, or actions
to be taken in case of emergency.
In addition to communicating performance requirements, the organization should communicate the
consequences associated with nonconformity with OH&S requirements, e.g. the impact of an accident
or incident or the possibility of cancelling a contract due to poor OH&S performance.
If anything changes in relation to OH&S over the course of a period of work, this should be
communicated to external providers as soon as possible.
In addition to communication about specific OH&S requirements for activities being carried out, the
following should also be taken into account when communicating with external providers:
a) the need to align external interested parties’ OH&S policies and processes with those of the
organization and other contractors at the worksite;
b) previous OH&S performance, trends and incidents;
c) the use of multiple contractors at the worksite;
d) emergency arrangements;
e) the need for additional consultation and/or provision for high-risk tasks;
f) processes for incident investigation, reporting problems and taking corrective action; and
g) arrangements for day-to-day communications.
Tools such as warning signs, posters, videos or audio messages can be effective methods of
communicating to occasional and infrequent visitors to the workplace, e.g. delivery people,
customers, members of the public.
When deciding what should be communicated to such visitors, the organization should consider
issues such as:
1) specific OH&S processes and practices relevant to their visit, e.g. wearing a hard hat on a
construction site, or hearing protection in a noisy environment;
2) emergency evacuation arrangements and if there are planned drills during the time of the visit;
3) traffic controls; and
4) accessibility.
The organization should ensure arrangements are in place for receiving, recording and responding
to relevant communications from external interested parties and for providing relevant information
in an accessible and timely way. Appointing designated contacts can be an effective way of ensuring
communication is consistent. This can be especially important in emergency situations where regular
updates are requested.

7.5 Documented information


7.5.1 General
Organizations should create and keep documented information relating to the OH&S management
system and its processes to the extent that it is necessary for effectiveness.
NOTE 1 Attention is drawn to relevant legal requirements and other requirements.

An extensive paper trail and record-keeping do not by themselves promote good OH&S management.
Documented information should be driven by what is needed for effective OH&S management, rather
than for its own sake.
Documented information can be whatever suits the organization and the task at hand, e.g. electronic
spreadsheets, notes on smart phones, photographs, traditional log books or work instructions, online
instruction videos. For many organizations, a mix of different types of documented information
works well.
When there is a requirement to maintain documented information, this means keep it up to date.
A requirement to retain means that the information should be kept safely, unaltered, to provide
a record. When working electronically, version controls and passwords can be effective ways of
ensuring documented information is not changed without authorization.
In general, ISO 45001 is not prescriptive about the level of documented information required. This
varies from organization to organization, e.g. documented information needed for a small local
bakery is likely to be simpler and less extensive than that required by an international automotive
parts manufacturer which has very specific customer (statutory and regulatory) requirements.


7.5.2 Creating and updating


Where it is necessary for the OH&S management system, documented information should be
identified and described. This can mean giving something a title, e.g. “Site rules” on a poster, a
reference number, e.g. “20180101 Management meeting minutes”, or anything else that helps
uniquely identify it to make sure the correct piece of documented information can be found.
When creating documented information, the following should be considered:
a) translating into other languages;
b) software versions;
c) whether it is compatible with smart phones or tablets; and
d) accessibility for those with special needs, e.g. audio versions of text.

7.5.3 Control of documented information


Having decided on the documented information needed for the OH&S management system, the
organization should ensure it is available for all relevant workers at all levels and functions as well as
any relevant external interested parties.
The same documented information can be presented in different formats for different users; however,
controls should be put in place to ensure it is used as intended, e.g. data cannot be changed without
permission and confidentiality is maintained on sensitive information.

8 Operation
COMMENTARY ON CLAUSE 8
This clause provides guidance on the operational planning and control necessary for the OH&S
management system and includes eliminating hazards and reducing OH&S risks, managing change,
emergency preparedness and response as well as guidance on procurement, contractors and
outsourcing.

8.1 Operational planning and control


8.1.1 General
Processes should be established to enable the OH&S management system to achieve its intended
outcomes and these processes should be controlled.
Examples of the processes needed include, but are not limited to those for:
a) consultation and participation of workers;
b) hazard identification and risk assessment;
c) determination of, and compliance with, legal requirements and other requirements;
d) communication;
e) management of change;
f) emergency preparedness and response; and
g) monitoring, measurement, analysis and performance evaluation.
Controls and criteria relating to those processes can include, for example:
1) documentation and detailed systems of work;
2) specifications for the procurement of goods and services;
3) ensuring compliance with regulations and manufacturers’ instructions;
4) checking and raising the competence of workers;
5) maintenance and inspection programmes, e.g. routine housekeeping;
6) health surveillance, work permits; and
7) adapting work to workers, e.g. reasonable adjustments for workers with specific needs,
appropriate design of workplaces, etc.
When planning and developing operational controls, priority should be given to control options with
higher reliability in preventing work-related injury and ill health.
The controls should take into account both existing processes and any new processes introduced to
achieve the organization’s objectives.

8.1.2 Eliminating hazards and reducing OH&S risks


OH&S risks are commonly managed using a system called the hierarchy of controls. The hierarchy
of controls provides a structured guide to eliminating hazards and reducing or controlling OH&S
risks. Each step is less effective than the one before, although several steps can often be combined to
effectively reduce risks to a level that is as low as reasonably practicable.
When deciding what is reasonably practicable, best practices and technological options should be
taken into account, together with financial, operational and business requirements.
The following examples illustrate control measures that can be implemented at each level:
a) hazard elimination: removing the hazard completely, e.g. through workplace re-design or
process change;
b) substitution: if a hazard cannot be removed, replacing the dangerous by the non-dangerous, or
the less dangerous; e.g. using water-based paint rather than solvent-based paint, or buying
pre-cut building materials instead of cutting on-site;
c) engineering controls/work reorganization: if a hazard cannot be removed completely or replaced
with something less harmful, practical changes can be made to reduce the risk, e.g. machine
guarding or local exhaust ventilation systems, providing physical separation of pedestrians
and vehicles, alarms, changing working hours, reducing the effect of monotonous activities by
rotating workers;
d) administrative controls/training: e.g. safety signs, using standard operating instructions,
emergency instructions, training in manual handling or to recognize the symptoms of stress; and
e) personal protective equipment (PPE): e.g. hard hats, safety shoes, hearing protection.
The control measures should be checked, as necessary, to make sure they work as well as intended
and to see if any better ways of controlling the risks can be implemented. It is also important to
regularly check that any equipment used as a control works properly, e.g. machinery guarding,
interlocks, fire alarms, sprinklers, carbon monoxide monitors.
Administrative controls should also be evaluated, e.g. floor walking to check workers are following
work instructions, consulting with workers to ensure no one is working excessive hours or
skipping breaks.

8.1.3 Management of change


The organization should plan for change and ensure sufficient resources are available to make sure
that changes do not introduce new and unforeseen hazards (see 6.1.4) or increase the OH&S risks.
Planned changes also give organizations the chance to implement opportunities for improvements
(see 6.1.2).


8.1.4 Procurement

8.1.4.1 General
Procurement processes should be used to control potential hazards and reduce OH&S risks
associated with something being introduced into the workplace, e.g. products, raw materials,
substances, new equipment, services, etc.
Before use, the organization should check that what has been procured is suitable and any related
hazards or OH&S risks are at an acceptable level.
For example, the organization can put in place a process to check that:
a) equipment is delivered according to specification and tested to ensure it works as intended;
b) installations function as designed;
c) materials are delivered according to their specifications; and
d) usage requirements, precautions or other protective measures are available and communicated
to workers and others who could be affected.

8.1.4.2 Contractors
The organization should delegate authority to those best capable of identifying, evaluating and
controlling OH&S risks, including, where necessary, contractors with specialized knowledge, skills,
methods and means. Organizations should note, however, that this delegation does not eliminate the
organization’s responsibility for the health and safety of its workers.
Contracts that clearly define the responsibilities of everyone involved can help organizations to
manage contractors’ activities effectively. Contract award mechanisms or pre-qualification criteria
which take account of past OH&S performance, safety training, or health and safety capabilities, as
well as direct contract requirements, can be helpful.
How an organization manages often diverse and complex relationships with contractors can vary,
depending on the nature and extent of the services provided and the associated hazards and risks.
When deciding how to coordinate, the organization should consider factors such as:
a) reporting of hazards between itself and its contractors;
b) controlling worker access to hazardous areas and activities;
c) reporting contractor or interested party injuries and/or ill-health; and
d) processes to follow in emergencies.

8.1.4.3 Outsourcing
When an organization outsources activities, e.g. billing, printing, internal auditing, welding,
galvanizing, chrome plating, spray painting, rather than carrying them out internally, it still retains
responsibility for OH&S risks and ensuring appropriate controls are in place.
An outsourced function or process is one that:
a) is integral to the organization’s functioning;
b) is within the scope of the OH&S management system; and
c) is perceived by interested parties as being carried out by the organization itself.
The type and degree of control to be applied to outsourced functions and processes should be
defined within the OH&S management system and the organization should put in place appropriate
controls both to make sure that the external provider understands what is needed and to assure the
organization that this is being carried out in an acceptable way.


Controls can include such things as contractual requirements, training, inspections and risk
assessments.

8.2 Emergency preparedness and response


The organization should identify potential emergency situations and plan its response in proportion
to the risk. The organization should focus on proactive control measures (e.g. the elimination of
ignition sources), as well as reactive risk controls (e.g. fire-fighting equipment and evacuation).
In planning its emergency response, the organization should take account of the needs of relevant
interested parties, e.g. workers, visitors, emergency services and neighbours. The identified
emergency situations should be subject to regular review, taking into account the potential impact of
any changes to processes or systems of work (see 8.1.3).
When planning, the organization should take into account previous similar emergencies
and the findings of any associated investigation as well as general considerations of its own
situation, including:
a) numbers and locations of workers and other people who could be affected;
b) availability of local emergency services and details of any emergency response arrangements
in place; and
c) competence of workers and needs of vulnerable people.
Emergency plans should be made available to all workers, visitors and contractors, including
individual copies for workers with specific roles and responsibilities. Organizations should
ensure the plans are kept in accessible locations and in different media, e.g. physical copies such
as posters or printed instructions in case of power failure, as well as electronic copies that can be
accessed remotely.
The emergency plans should describe the roles, responsibilities and authorities of those with
specified duties, identified by job role, rather than by name.
Guidance should be given as to what is considered an emergency, who has the authority to declare an
emergency, and how it is to be communicated to workers and other relevant interested parties, including
the emergency services.
Instructions should contain actions to be taken in an emergency by those affected, including how to
raise the alarm and call for help, evacuation procedures, and locations of safe places, utility isolation
points, emergency equipment, up-to-date site plans and who has an emergency role.
Every worker with specific roles and responsibilities for emergency response should be competent to
fulfil them. A number of workers can be trained to undertake the role of emergency controller with
the objective that, in the event of an emergency, one worker takes the team leader role supported by
the other trained workers.
A control centre should be placed in a location unlikely to be affected by a major emergency, e.g. a
large fire, explosion or release of a hazardous substance.
If the level of risk identified is significant, it can be helpful to structure the response team on three
levels: the top level dealing with strategic control, the second dealing with operational control and the
third with control matters at the location of the emergency.
Emergency response equipment and supplies should be located in secure and easily accessible
places, protected from damage. The equipment should be subject to regular testing to ensure that
it is working. People who are designated to use the emergency equipment should have regular
refresher training.


Periodic testing of emergency plans is needed to ensure that the organization, its workers and, where
necessary, the emergency services can appropriately respond to the emergency situation. For a small,
low risk organization, this might simply be a periodic fire evacuation drill.
It is essential that those with specific roles and responsibilities are fully involved in testing, the
results of which can be used to identify, and therefore correct, any deficiencies.
The results of the testing and any corrective actions should be kept as documented information.
This information should be reviewed with the test planners and participants to share feedback and
recommendations for further improvement.
NOTE For further guidance on managing emergencies, see the HSE guidance, Emergency procedures
(http://www.hse.gov.uk/toolbox/managing/emergency.htm).

9 Performance evaluation
COMMENTARY ON CLAUSE 9
This clause provides guidance on evaluating the performance of the OH&S management system.
Guidance is given regarding what needs to be monitored, measured and analysed, including
legal requirements and other requirements, together with arrangements for internal audits and
management review.

9.1 Monitoring, measurement, analysis and performance evaluation


9.1.1 General
Organizations are not required to monitor or measure everything. The processes that are put in
place should be useful, appropriate for what is being evaluated and proportionate to the level of risk
involved, e.g. routinely checking that machine guards are in place and effective in protecting workers
from harm is important, whilst annual electrical testing of a desk fan usually is not, and can be
substituted by a visual check.

9.1.2 Evaluation of compliance


Exactly what the organization has to comply with is determined by its context and the scope of the
OH&S management system (see Clause 4 and Clause 6).
The organization should prioritize actions based upon the identified levels of compliance and any
identified areas of nonconformance, specifically, where the organization is not complying with legal
requirements and other requirements.
NOTE Legal compliance is the minimum standard in determining the effectiveness of the OH&S
management system.

9.2 Internal audit


9.2.1 General
Internal audits are an effective way of checking how the organization is performing.
They should be carried out to provide information on the performance and effectiveness of the OH&S
management system, to ensure that planned arrangements have been implemented and that the
OH&S management system is effectively maintained.

9.2.2 Internal audit programme


Internal audits should be relevant to what materially affects the organization's OH&S performance
and how the OH&S objectives are achieved, e.g. audits can include reviews of accident and incident
logs, subsequent investigations, and that planned corrective actions have been taken and are working
as intended.
Audits should be planned and carried out by people who understand what they are auditing.
NOTE See Figure 2 for a typical audit process.

How an audit is carried out, how often and who by depends on the size and complexity of the
organization and its activities. Workers do not need to be professional auditors or have a formal
auditing qualification; however, they should meet the competence requirements set out by the
organization and be given appropriate guidance and training if necessary.
Ideally, audits should be conducted by workers who are not directly involved in the processes or
activities being audited to ensure that they are carried out as objectively as possible and the results
are unbiased. In small organizations this is not always possible and it is acceptable for someone to
audit their own work, although every effort should be made to remove bias and encourage objectivity.
Audits are more effective in an organization that has a positive OH&S culture and where the objectives
of the audit are to identify areas for improvement rather than attribute blame for nonconformities.
The organization should ensure that all elements of the audit (e.g. planning schedule, scope and
criteria, names of auditors, results, nonconformities and corrective actions taken or other outcomes
such as improvement plans) are kept as documented information. This can be in a format suitable
to the organization, whether this is formal audit plans and reports or less traditional formats, such
as data stored in spreadsheets or in emails. It is important that all of the information is available to
relevant parties.
Figure 2 — Typical audit process

9.3 Management review


Management review is critical to ensure continual improvement of the OH&S management system.
The purpose of these reviews is for top management to undertake a strategic and critical evaluation
of the performance of the OH&S management system to ensure it continues to be:
a) suitable – does it still fit the organization, its operations and culture?
b) adequate – is it still appropriate and sufficient?
c) effective – does it achieve the intended outcomes?
The review should include all the listed topics given in ISO 45001:2018, 9.3 a) to g); however, they
need not necessarily be addressed at the same time. The organization should determine when and
how the topics are to be addressed.


The management review should draw a conclusion as to the continuing suitability and effectiveness
of the OH&S management system and include any necessary decisions related to:
1) any need for changes to the OH&S management system;
2) continual improvement opportunities;
3) resource needs;
4) other actions needed, including to improve integration with other business processes; and
5) implications for the strategic direction of the organization.
Relevant outputs of the management review should be communicated to workers and, when
applicable, their representatives (see 7.4.1).
The organization should retain documented information as evidence of management review.

10 Improvement
COMMENTARY ON CLAUSE 10
This clause provides guidance on making improvements to the OH&S management system, including
guidance on how to handle incidents, nonconformities, taking corrective actions and achieving continual
improvement in the long term.

10.1 General
The organization should identify opportunities for improvement and implement the necessary
actions in order to achieve the intended outcomes of the OH&S management system.

10.2 Incident, nonconformity and corrective action


Organizations should have processes in place for reporting and investigating incidents and other
nonconformities, and for taking action to correct them and deal with their consequences.
Incidents, including near-misses, should be investigated so that under-reporting, recurrence or
escalation into more serious incidents can be prevented.
When an OH&S issue is raised by a worker, or indicated by monitoring, sickness absence trends, or
medical reports, the situation should be treated as an incident and investigated accordingly.
Examples of incidents and nonconformities include, but are not limited to:
a) incidents: work-related near-miss events, injuries and ill health, exposures to health hazards,
occupational diseases, property and equipment damage that can lead to OH&S risks, traffic
accidents; and
b) nonconformities: protective equipment not functioning properly, failure to apply legal
requirements, prescribed procedures not being followed.
The aim of an incident investigation is to determine what happened, why it happened, and what can
be done to prevent it from happening again. This means not only considering the immediate causes,
but also the underlying or root causes and taking corrective actions to address these causes. When
determining cause(s), the organization should ensure the analysis is focused on prevention and not
on blame or punishment.
Almost all incidents have multiple causes. These can be related to a range of factors, including human
behaviour, types of tasks and processes, equipment, competency or management of the organization.
The investigation should identify all areas that need improvement, including improvements to the
OH&S management system and propose suitable corrective actions.


Examples of corrective actions include, but are not limited to:


a) moving up the hierarchy of controls (see 8.1.2);
b) re-design, modification or replacement of equipment or tools;
c) improving processes or implementing specific procedures;
d) improving the competence of workers and/or the way work is organized; and
e) changes in and use of personal protective equipment.
The level of investigation should be proportionate to the potential health and safety consequences
of the incident. The incident should be reported and recorded internally and, where appropriate,
reported externally to relevant authorities.
NOTE For further guidance on how to make a Reporting of Injuries, Diseases and Dangerous Occurrences
Regulations (RIDDOR) report, see the HSE guidance (http://www.hse.gov.uk/riddor/report.htm).

It is good practice for minor incidents/near misses to be reported internally and investigated, to
prevent reoccurrence or similar incidents becoming more serious. Investigating and acting on such
incidents in a timely and transparent way can help build a culture of trust and cooperation between
workers at different levels.
Where practicable, the investigation should be led by someone independent of the activities being
investigated, and should include a worker or worker representative.
Recommendations should be communicated to all who might benefit from the lessons. It is good
practice to implement recommendations as quickly as possible, as a visible sign that management are
concerned about OH&S. Top management should always review investigation reports of significant
incidents and nonconformities.

10.3 Continual improvement


Continual improvement in the suitability, adequacy and effectiveness of the OH&S management
system needs to be demonstrated. Such improvement should be focused on enhancing OH&S
performance and the culture that supports the OH&S management system.
Continual improvement can be achieved by a step-by-step approach to improve the OH&S
management system and OH&S performance over time as well as by innovation.
Examples include:
a) the introduction and implementation of accepted good practice and benchmarking to improve
processes and reduce risks;
b) implementing suggestions and recommendations from workers and other interested parties; and
c) applying new technology, materials, etc.


Bibliography
Standards publications
For dated references, only the edition cited applies. For undated references, the latest edition of the
referenced document (including any amendments) applies.
ISO 45001:2018, Occupational health and safety management systems — Requirements with
guidance for use

BS 45002‑1:2018

BSI Standards Publication

Occupational health and safety management systems – General guidelines for the application of ISO 45001

Part 1: Guidance on managing occupational health

BS 45002‑1:2018 BRITISH STANDARD

Publishing and copyright information

The BSI copyright notice displayed in this document indicates when the document was last issued.
© The British Standards Institution 2018
Published by BSI Standards Limited 2018
ISBN 978 0 580 98866 0
ICS 03.100.01; 13.100
The following BSI references relate to the work on this document:
Committee reference HS/1
Draft for comment 18/30362020 DC

Amendments/corrigenda issued since publication

Date Text affected


Contents
Foreword
0 Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
5 Leadership and worker participation
6 Planning
7 Support
8 Operation
9 Performance evaluation
10 Improvement
Annex A (informative) Range of OH professionals
Table A.1 — OH professional roles — risk prevention and control aspects of occupational health management
Table A.2 — OH professional roles — measurement, monitoring and diagnosis of occupational health management
Table A.3 — OH professional roles — ongoing occupational health management including continued treatment, assessments of fitness for return to work
Bibliography

Summary of pages
This document comprises a front cover, and inside front cover, pages i to ii, pages 1 to 12, an inside back cover and
a back cover.


Foreword
Publishing information
This British Standard is published by BSI Standards Limited, under licence from The British
Standards Institution, and came into effect on 31 July 2018. It was prepared by Technical Committee
HS/1, Occupational health and safety management. A list of organizations represented on this
committee can be obtained on request to its secretary.

Use of this document


As a guide, this British Standard takes the form of guidance and recommendations. It should
not be quoted as if it were a specification or a code of practice and claims of compliance cannot
be made to it.

Presentational conventions
The guidance in this standard is presented in roman (i.e. upright) type. Any recommendations are
expressed in sentences in which the principal auxiliary verb is “should”.

Commentary, explanation and general informative material is presented in smaller italic type, and does
not constitute a normative element.

Contractual and legal considerations


This publication does not purport to include all the necessary provisions of a contract. Users are
responsible for its correct application.

Compliance with a British Standard cannot confer immunity from legal obligations.


0 Introduction
Occupational ill health from workplace exposure to health risks is the leading cause of work‑related
deaths and life‑changing conditions. There is growing recognition that work relevant psychological
and social (psychosocial) risks, including work‑related stress, are a major factor in lost working
days and low productivity. It is estimated that work‑related ill health currently costs the UK economy
billions annually.

The first priority of occupational health (OH) is to focus on the prevention of occupational ill
health such that it enables an organization to meet legal requirements and other requirements.
The standard can also provide a framework for health improvement more widely. This can include
opportunities to assess the effects of the health of the worker on their work, and attention to wider
well‑being and health promotion issues.

OH is the prevention of work‑related ill health and the promotion of good health by assessing the
effects of work on the health of the worker and the health of the worker on their work.

OH management prevents work‑related ill health, protects workers by controlling work‑related risk
and promotes good health.

A structured approach to managing OH as set out in this standard can benefit the organization by,
for example:

a) reducing the incidence of occupational ill health;

b) reducing costs, e.g. due to absenteeism;

c) reducing job turnover and improving worker retention;

d) increasing productivity;

e) greater health awareness and improved motivation; and

f) improving company image.

1 Scope
This British Standard provides guidance to organizations on how to:

a) reduce the risk of work‑related physical and mental ill health;

b) manage OH and improve OH performance; and

c) promote a positive OH culture.

This British Standard provides guidance to organizations on meeting the relevant requirements
of BS ISO 45001. It does not add to, subtract from, or in any way modify the requirements of
BS ISO 45001, nor does it prescribe mandatory approaches to implementation.

The British Standard is suitable for use by any organization regardless of type, size or maturity.
NOTE An organization can choose to address well-being within its OH management system, however,
BS ISO 45001 does not provide explicit requirements for well-being.

2 Normative references
There are no normative references within this British Standard.
NOTE Organizations can use this document without direct reference to BS ISO 45001, however, those that wish to
claim conformity to BS ISO 45001 need to refer directly to BS ISO 45001 when using this document.


3 Terms and definitions


For the purposes of this British Standard the terms and definitions given in BS ISO 45001 and the
following apply.
NOTE 1 There are a number of terms defined in BS ISO 45001, including commonly used terms. However, when
using BS ISO 45001 it is important to take note of these technical definitions to ensure there is no misunderstanding
in its application. For example, small businesses do not always realize that the term “organization” refers to them
as well as larger companies (or public bodies, charities, etc.). An organization can also be used to describe one part
of a business, e.g. one department or one site – if that is the extent of the OH&S management system. Similarly, the
term “top management” refers to whoever “directs or controls” the organization – the top level decision maker(s).
In practical terms, top management can mean a small business owner, the executive board or, in a non-hierarchical
structure, everyone involved in taking high-level decisions.

The definition of “worker” is also worth noting. In BS ISO 45001 worker is all-inclusive and refers to everyone
working under the control of the organization, including business owners, executive boards, senior managers,
interns, volunteers, all employees and contractors.

NOTE 2 All of the terms and definitions within BS ISO 45001 can be found on the ISO Online Browsing Platform:
http://iso.org/obp [last viewed 31 July 2018].

3.1 medical surveillance


ongoing monitoring of the health of workers who might be exposed to hazardous substances or
situations at work, carried out by a licenced medical practitioner

3.2 occupational ill health


adverse effect on the physical or mental condition of a person arising from exposure to a workplace
health risk or work‑affecting condition

3.3 occupational health (OH)


adverse effect on the physical or mental condition of a person arising from exposure to a workplace
health risk, including where exposure aggravates a pre‑existing condition or the pre‑existing
condition affects the worker's ability to perform the task

3.4 well‑being
positive state of mental, physical and social health
NOTE In relation to the workplace, well-being can be indexed by assessing the extent to which people like their
job and sometimes also by indices of (mental) health. Other indicators organizations might use can include the
extent to which people find purpose and meaning in their job.

4 Context of the organization


To manage OH effectively the organization should first consider its internal and external context.

Internal issues that affect OH management can include:

a) type of activities carried out (e.g. exposure to hazardous chemical, physical or biological
agents – see 6.2);

b) work and employment practices (e.g. organizational change, contractual conditions, workload,
ergonomics);

c) workforce characteristics (e.g. number, experience, age of workers, diversity); and

d) location (e.g. where the activities take place, environmental factors such as extremes of
temperatures, or ventilation).


External issues can include:

1) legal requirements and other statutory requirements;

2) industry or sector-specific requirements; and

3) other requirements with which the organization has or chooses to comply (e.g. environmental or
social responsibility).

5 Leadership and worker participation


Top management should ensure that the occupational health and safety (OH&S) policy includes OH
objectives (see 6.3) and that processes are in place to achieve these, including:

a) communicating a clear vision of OH for the organization;

b) defining appropriate roles and responsibilities regarding OH; and

c) ensuring line managers and workers are able to carry out their roles and responsibilities, and
that they are aware of relevant occupational ill health, how to prevent it and where to get help;
and that competent OH advice is accessible.

Top management should demonstrate commitment to improving OH performance by:

1) supporting processes for the consultation and participation of workers in establishing effective
arrangements for meeting legal requirements and other requirements for occupational health
risk control;

2) promoting awareness of relevant OH risks and control measures, including through a physical
and mental health needs assessment;

3) implementing appropriate occupational health surveillance programmes and OH monitoring; and

4) providing appropriate resources for OH management, ensuring all management systems are aligned.

Once occupational health risks are under control, top management can demonstrate leadership by
promoting workplace health and/or well‑being initiatives (e.g. encouraging work‑life balance, regular
breaks, healthy eating, exercise).

6 Planning
6.1 General
The organization needs to plan effectively to manage OH, and should understand both the
risks associated with the usual operation of its business and those which occur occasionally or
unexpectedly through, for example:

a) the introduction of new or modified processes, activities, site(s) or equipment, e.g. semi-automation
of tasks, without training workers to be familiar with the new technology;

b) changing demands from interested parties, e.g. pressures due to increased output by suppliers
leading to mental and/or physical health issues;

c) infrequent activities, e.g. inspections, maintenance, travel; and

d) emergency situations, e.g. chemical releases leading to ill health, flu pandemic.


6.2 Identification and assessment of occupational health risks and opportunities


6.2.1 Risks
The organization should plan to eliminate OH hazards if it can. If it cannot eliminate the hazard, it
should plan to reduce the risk to as low as it can, taking into account the level of risk, the benefit that
can be achieved, and the resources available (e.g. by using less hazardous materials, using quieter
equipment, reorganizing work).

Occupational ill health is caused or made worse by worker exposure to different types of
hazards, including:

a) chemical (e.g. fumes, asbestos, silica, dusts);

b) physical (e.g. noise, vibration, extremes of temperature, extremes of pressure);

c) biological (e.g. bacteria, viruses, fungal spores, enzymes, animal proteins, genetic material);

d) ergonomic (e.g. lifting, lowering, pulling and pushing, posture, repetitive movement); and

e) psychosocial (e.g. job security, stress, bullying, harassment, excessive work demands, shift work,
work relationships, lack of control).

The organization should identify the hazards to which workers and those sharing the workplace are
exposed. The risk from exposure to the hazards should be assessed, based on:

1) likelihood;

2) extent of exposure; and

3) short and long‑term impact on health (including delayed onset, e.g. noise‑induced hearing loss).
NOTE 1 Many cases of OH disease can take many years to show (long latency), e.g. noise-induced hearing
loss, lung disease due to exposure to silica dust or asbestos. It is therefore essential to keep records of exposure
and health surveillance.

If there is a possibility that workers could be exposed to OH hazards that exceed legal limits, the
organization should plan appropriate occupational health surveillance, e.g. skin inspections, hearing
and lung function tests.

The organization should also consider hazards that can be created by a worker’s state of health for
which health monitoring could be appropriate. This is different from health surveillance. Examples of
this could include:

• pregnant workers;

• new mothers;

• vulnerable workers (e.g. workers with caring responsibilities, lone workers, night workers,
young and older workers);

• workers with pre‑existing health conditions; and

• workers required to perform safety critical roles (e.g. drivers, emergency response teams).
NOTE 2 The Health and Safety Executive provides further information on hazard identification, risk assessment
and legal requirements: http://www.hse.gov.uk/risk/identify-the-hazards.htm [Last viewed 31 July 2018].

6.2.2 Opportunities
The organization should proactively consider OH opportunities, for example:

a) new equipment and technologies, such as adjustable desks or telephone headsets;

b) changing work and employment practices, such as flexible working, job redesign, training and
development opportunities; and


c) improving working relationships through shared social activities and enhanced teamworking
opportunities.

6.3 OH objectives and planning to achieve them


The organization should set specific OH objectives that can be evaluated and take into account both
short‑term and long‑term health effects. When setting OH objectives the organization should ensure
the objectives are achievable and integrated into wider organizational planning.

Objectives to improve OH performance can be phased over a planned period of time, taking into
account available resource and prioritizing those which offer the greatest benefit in risk reduction.

Examples of OH objectives can include:

a) implement a management system with emphasis on OH within 12 months; and

b) reduce manual lifting operations by 50% by introducing equipment to assist workers with heavy
lifting, to prevent back injuries.

Once occupational health objectives have been set as a first priority to secure compliance (if
necessary) and determine any desired improvements, well‑being objectives can also be set. These
could include:

1) make provision for social activities and achieve a 50% uptake; and

2) achieve a 30% increase in participation of workers in health improvement discussions.

When setting OH objectives and how to achieve them, the organization should consult with the
workers closest to the risk, or their representatives.

7 Support

7.1 Resources
The organization should decide on the resources needed to achieve OH objectives. The resources
allocated to manage OH should be proportionate to the OH risks identified and the size and nature of
the organization.

Resources required could depend on:

a) knowledge within the organization of OH risks;

b) number and type of workers;

c) equipment and facilities; and

d) constraints, e.g. budget, schedule.


NOTE See Annex A for a list of online resources and professional institutions.
Large, well‑resourced organizations, or those with complex OH risks may choose to employ OH
professionals within the organization or outsourced service. Where the nature and scale of the risks
are low, the organization might choose to use an OH professional on a case by case basis.

7.2 Competence
The organization should ensure that workers at all levels have the required competence to carry
out their activities in a safe and healthy way. The organization might wish to further develop the
competence of workers to take day‑to‑day responsibility for OH management, including knowing
when and how to get additional support and services.


The competence of workers typically comprises a mixture of education, training, skills and
experience, and can be demonstrated in different ways, including formal qualifications. Competent
OH advice and guidance can be:

a) internal, including:

1) workers who have been trained in aspects of OH relevant to the hazards requiring
assessment or control; and

2) qualified OH professionals (see Annex A);

b) external, including:

1) services provided by another organization or qualified OH professional; and

2) remote (e.g. services available via phone or electronically, including free services provided
by charities).

When work is carried out by an external provider, the organization should specify required
competency levels in the contract or service level agreement.

7.3 Communication and awareness


Workers at all levels should be made aware of relevant hazards and related health risks that could
affect them, including those that might not be related to their individual activities, and encouraged to
report concerns.

Any investigations into incidents that relate to health hazards or risks or a potential situation that
could affect their health should also be communicated, along with any corrective actions taken to
prevent a repeat of the incident and any improvement opportunity recommendations.

7.4 Documented information


The organization should create and keep documented information that demonstrates its OH
management is fully functional and meets legal requirements and other requirements.

Documented information can include:

a) policies and processes for specific issues;

b) evidence of how OH risks were assessed;

c) details of workers with OH roles and responsibilities;

d) evidence of worker OH competence (e.g. training information, qualifications, performance
appraisals) and evidence that establishes the competence of OH professionals (e.g. proof of
qualifications and relevant professional training);

e) health records of workers from health surveillance, including details of check‑ups and screening
results, workplace exposure records, and medical records;

f) referrals to OH professional services;

g) legally required licences and authorizations, e.g. licenced asbestos work, radiation sources;

h) information on patterns, clusters and trends of ill health; and

i) health improvement information, e.g. reduced sickness absence days.

Documented information should be proportionate to the risks and the nature and complexity of
the organization. It may include, for example electronic spreadsheets, notes on mobile phones,
photographs, traditional log books or work instructions and online instruction videos. For many
organizations, a mix of different types of documented information works well.


Controls should be put in place to ensure documented information cannot be accessed and/or
changed by anyone without appropriate authorization, particularly in respect of individual workers.
NOTE There are specific requirements for the retention period of certain documents, see
http://www.hse.gov.uk/health-surveillance/record-keeping/index.htm [Last viewed 31 July 2018].

In general, BS ISO 45001 is not prescriptive about the level of documented information required.
This varies from organization to organization, e.g. documented information needed for a small local
bakery is likely to be simpler and less extensive than that required by an international automotive
parts manufacturer which has very specific customer and statutory and regulatory requirements.

8 Operation
8.1 Operational planning and control
The organization should make sure the controls it has put in place to manage the occupational ill
health risks (see Clause 6) are being used as intended.
Appropriate actions should be taken to ensure worker health is protected if there are significant
changes in the organization or to activities, for example:


a) during times without the usual numbers of workers;
b) increased demand for products or services; and
c) new working locations.

8.2 Emergency preparedness and response


The organization should make sure workers know what to do in case of OH emergencies, including
equipment or plant failure, such as:
a) sudden ill health (e.g. asthma attacks, allergic reactions, or a worker suffering a heart attack);
b) serious behavioural or mental ill health incidences (e.g. psychotic episodes, emotional
breakdowns, consequences of violent attacks);
c) unexpected exposure to chemical, physical or biological agents; and
d) the death of a worker on site or when working in another workplace (e.g. immediate response,
who to notify).
Plans should include:
1) immediate actions and who is responsible for them, e.g. call an ambulance;
2) how to contact first responders within the organization, e.g. first-aiders;
3) contact details for external assistance, e.g. calling the emergency services;
4) how to manage the physical and psychological health of the affected workers, including
consequences such as post traumatic stress disorder (PTSD);
5) training requirements; and
6) procedures for contacting next of kin.

9 Performance evaluation
9.1 Monitoring, measurement, analysis and performance evaluation
Measures such as maintenance, testing and examination of certain control measures and, in some
circumstances, health surveillance (see Clause 6) are legal requirements; as such, they are important
in monitoring OH performance.
Health (and medical) surveillance should be sufficient to:
a) identify occupational ill health in workers, where any exposure could reasonably give rise to an
identifiable condition, with valid detection measures;
b) identify any trends or clusters of occupational ill health; and
c) identify if control measures are effective.
When an occupational ill health concern is raised by a worker (or their representative), or indicated
by adverse environmental monitoring or health surveillance health records, sickness absence trends
or information from a medical practitioner, these situations should be investigated.
Performance can also be evaluated through, for example, the results of OH audits against objectives.
Analysis of sickness absence and the outcomes of consultation with workers about their own health,
such as conversations with line managers, discussions in meetings and surveys can all be useful.

10 Improvement
10.1 Incidents
The organization should have processes in place to investigate the trends and clusters of occupational
ill health, and put in place suitable corrective actions.
When considering the cause of incidents and how to improve future OH performance, the
organization should take into account underlying factors both within and outside the workplace. For
example, the effects of prolonged exposure to a hazard can be caused by faulty protective equipment,
tiredness or injury, other people causing distraction, a perception of the need to complete the task
regardless of consequences, or any combination of these.
It is important that the organization understands and addresses the root cause or causes of
occupational ill health rather than correcting only what seems the initial cause.

10.2 Continual improvement


It is important not only to review how effective the organization’s OH management is but to take
actions to ensure that performance keeps improving. This can be done in many ways, for example by:
a) putting in place additional controls following investigation of incidents and sharing the
lessons learned;
b) reviewing processes for sickness absence monitoring (including trends) and rehabilitation in
support of timely and sustainable return to work after illness or injury; and
c) reviewing and improving current OH training and awareness.
In addition to effective occupational health management, the organization might choose to introduce
new health and well‑being initiatives as opportunities arise.

Annex A (informative)
Range of OH professionals
Workers trained in aspects of OH relevant to the hazards requiring assessment or control might be
the only source of advice needed (see 7.2). However, it is recognized that further guidance might
sometimes be required from competent organizations or individuals. Table A.1, Table A.2 and
Table A.3 provide a list of professional OH roles and links to information and advice.
NOTE Some roles can offer services in more than one area of occupational health management.
Table A.1 — OH professional roles — risk prevention and control aspects of occupational health management

Title: Occupational hygienist
Description: Science graduate with additional education in occupational health
Role: Identifying, assessing and controlling health hazards in the workplace; advice on how chemical, physical and biological agents affect health; control of health risks by assessing and resolving practical problems; support on the short and long‑term effects on health arising from acute and chronic exposure to hazards
Further information: www.bohs.org 1)

Title: Ergonomist
Description: Scientific discipline dealing with human factors
Role: Understanding relationship between people, equipment, design; system design to suit the worker
Further information: www.ergonomics.org.uk 1)

Title: Occupational psychologist
Description: Specialize in job and system redesign, management and organizational development
Role: Prevention of workplace stress through organizational design; improving work/life balance; promoting/developing a positive and health organization
Further information: www.bps.org.uk 1)

1) Last viewed 31 July 2018.

Table A.2 — OH professional roles — measurement, monitoring and diagnosis of occupational health management

Title: Occupational health nurse
Description: Registered nurse with additional training, education and qualification in OH (SCPHN‑OH)
Role: Organization health risk assessment, advice on management of health risks; absence management, including capability and workplace adjustments; worker health assessment on fitness for work; health surveillance; health promotion and education
Further information: www.fohn.org.uk 1)

Title: Occupational physician
Description: Qualified doctor with additional training, education and qualification in occupational health (FFOM, MFOM). Some GPs have extra training in OH and can provide a basic service (Dip Occ Med). It is important to identify that OH doctors can be specialists and non-specialists
Role: Statutory medical surveillance; Medical examination certificates; worker ill health diagnosis; opinion on complicated cases of ill health and worker capability; opinion on ill health retirement cases; advice on OH&S policy; organizational health risk management
Further information: www.fom.ac.uk 1)

Title: Occupational health technician
Description: Can be in‑house trained, qualified to Level 4, certificate or diploma level
Role: Health screening; health surveillance, including respiratory tests; hearing tests; ECG under supervision of qualified OH practitioner/physician)

1) Last viewed 31 July 2018.

Table A.3 — OH professional roles — ongoing occupational health management including continued treatment, assessments of fitness for return to work

Title: Occupational physiotherapist
Description: Chartered physiotherapist with additional training and education in OH and ideally ergonomics
Role: Fitness for/return to work assessments; health education and promotion; workplace assessment; ergonomics and job design; rehabilitation plans; delivery of training on manual handling; musculo‑skeletal disorders clinical service
Further information: www.acpohe.org.uk 1)

Title: Counsellor
Description: Trained and accredited practitioner for short or long‑term treatment
Role: Talking therapies; individual change; enhancing well‑being
Further information: www.bacp.co.uk 1)

Title: Clinical/counselling psychologist
Description: Psychologist specializing in psychotherapeutic principles and behavioural change
Role: Treatment of workplace stress and mental ill health
Further information: www.bps.org.uk 1)

Title: Psychotherapist
Description: Post-graduate qualification in psychotherapy or psychotherapeutic counselling
Role: Emotional problems; mental health issues; coping with or bringing about change; improving mental and emotional well‑being
Further information: www.psychotherapy.org.uk 1)

Title: Occupational therapist
Description: Science degree‑based health and social care regulated by Health and Care Professions Council (HCPC)
Role: Skilled in analysis of practical consequences of ill health or disability; advising employers on the needs of sick or disabled workers on return to work; helping overcome the effects of disability caused by illness, ageing or injury, so that the worker can carry out everyday tasks and occupations
Further information: www.rcot.co.uk 1)

1) Last viewed 31 July 2018.

Bibliography
Standards publications
For dated references, only the edition cited applies. For undated references, the latest edition of the
referenced document (including any amendments) applies.
BS 45002‑0, Occupational health and safety management systems — General guidelines for the
application of ISO 45001
BS ISO 45001, Occupational health and safety management systems — Requirements with
guidance for use
PAS 1010, Guidance on the management of psychosocial risks in the workplace
PAS 3002, Code of practice on improving health and well-being within an organization
Further reading
https://worksmart.org.uk/health-advice/getting-help/workplace-help [Last viewed 31 July 2018]
http://www.nhshealthatwork.co.uk/workplacehealthforuk.asp [Last viewed 31 July 2018]
http://cohpa.co.uk/ [Last viewed 31 July 2018]
www.whatworkswellbeing.org [Last viewed 31 July 2018]
www.iosh.org.uk [Last viewed 31 July 2018]
www.hse.gov.uk [Last viewed 31 July 2018]
https://www.seqohs.org/ - Setting standards in occupational health services provision [Last viewed 31 July 2018]

BS 45002‑2:2019

BSI Standards Publication

Occupational health and safety management systems – General guidelines for the application of ISO 45001

Part 2: Risks and opportunities


BS 45002‑2:2019 BRITISH STANDARD

Publishing and copyright information

The BSI copyright notice displayed in this document indicates when the document was last issued.

© The British Standards Institution 2019

Published by BSI Standards Limited 2019

ISBN 978 0 580 98865 3

ICS 03.100.01; 13.100

The following BSI references relate to the work on this document:


Committee reference HS/1
Draft for comment 18/30383159 DC

Amendments/corrigenda issued since publication

Date Text affected

© THE BRITISH STANDARDS INSTITUTION 2019 – ALL RIGHTS RESERVED



Contents

Foreword
0 Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
5 Leadership and worker participation
6 Planning
7 Support
8 Operation
9 Performance evaluation
10 Improvement
Bibliography

Summary of pages
This document comprises a front cover, and inside front cover, pages i to ii, pages 1 to 9, an inside back cover and a
back cover.

Foreword
Publishing information
This British Standard is published by BSI Standards Limited, under licence from The British
Standards Institution, and came into effect on 28 February 2019. It was prepared by Technical
Committee HS/1, Occupational health and safety management. A list of organizations represented on
this committee can be obtained on request to its secretary.

Use of this document


As a guide, this British Standard takes the form of guidance and recommendations. It should
not be quoted as if it were a specification or a code of practice and claims of compliance cannot
be made to it.

Presentational conventions
The guidance in this standard is presented in roman (i.e. upright) type. Any recommendations are
expressed in sentences in which the principal auxiliary verb is “should”.
Commentary, explanation and general informative material is presented in smaller italic type, and does
not constitute a normative element.

Contractual and legal considerations


This publication does not purport to include all the necessary provisions of a contract. Users are
responsible for its correct application.
Compliance with a British Standard cannot confer immunity from legal obligations.

0 Introduction
Understanding risks and opportunities is vital to improving how well an organization manages
health and safety.
Managing health and safety is not simply looking at what the organization does and identifying risks
from, for example, working on a roof or handling chemicals. An effective occupational health and
safety (OH&S) management system uses risk-based thinking at every stage.
Risk-based thinking is not complex. A person automatically makes risk-based decisions.
a) When making a hot drink, we automatically hold the kettle by its handle to avoid burning
ourselves and choose a cup suitable for containing boiling water.
b) When crossing the road, we look for a gap in traffic or decide to use a crossing.
There are different types of risks and opportunities to consider, including:
1) OH&S risks to workers (what can hurt a worker?; what can make them ill?);
2) risks to the management system (what might stop the system from working well?, e.g. systems
not working together, technical breakdowns, lack of trained staff);
3) opportunities to improve OH&S performance (what can make your workplace safer or your
working practices healthier?, e.g. getting rid of faulty equipment or making sure workers take
regular breaks during their working day); and
4) opportunities to improve the management system (what can make all of the parts of the
organization’s system work better together?, e.g. better communication about what to do and
how to do it or what has changed, sharing knowledge and getting all workers involved).

1 Scope
This British Standard provides guidance on the identification and management of risks and
opportunities in an OH&S management system.
This British Standard can assist organizations in meeting the relevant requirements of BS ISO 45001,
Occupational health and safety management systems. It does not add to, subtract from, or in any
way modify the requirements of BS ISO 45001, nor does it prescribe mandatory approaches to
implementation.
The British Standard is suitable for use by any organization regardless of type, size or maturity.

2 Normative references
There are no normative references in this document.
NOTE Organizations can use this document without direct reference to BS ISO 45001; however, organizations
that wish to claim conformity to BS ISO 45001 need to refer directly to BS ISO 45001 when using this document.

3 Terms and definitions


COMMENTARY ON CLAUSE 3
There are a number of terms defined in BS ISO 45001, including commonly used terms. However, when
using BS ISO 45001 it is important to take note of these technical definitions to ensure there is no
misunderstanding in its application. For example, small businesses do not always realize that the term
“organization” refers to small businesses as well as larger companies (or public bodies, charities, etc).

Organization can also be used to describe one part of a business, e.g. one department or one site – if
that is the extent of the OH&S management system. Similarly, the term “top management” refers to
whoever directs or controls the organization – the top level decision maker(s). In practical terms, top
management can mean a small business owner, the executive board or, in a non-hierarchical structure,
everyone involved in taking high level decisions.
The definition of “worker” is also worth noting. In BS ISO 45001 worker is all-inclusive and refers to
everyone working under the control of the organization, including business owners, executive boards,
senior managers, interns, volunteers, all employees and contractors.
All of the terms and definitions within BS ISO 45001 can be found on the ISO Online Browsing Platform:
http://iso.org/obp. [Last viewed 18 February 2019.]

3.1 hazard
source with a potential to cause injury and ill health
[SOURCE: ISO 45001:2018, modified]
NOTE Hazards can also include sources with the potential to cause harm or hazardous situations, or
circumstances with the potential for exposure leading to injury and ill health.

3.2 risk
effect of uncertainty
NOTE 1 An effect is a deviation from the expected, positive or negative.

NOTE 2 Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge
of, an event, its consequence, or likelihood.

[SOURCE: ISO 45001:2018, modified]

3.3 OH&S opportunity


circumstance or set of circumstances that can lead to improvement of OH&S performance

3.4 OH&S risk


combination of the likelihood of occurrence of a work-related hazardous event(s) or exposure(s) and
the severity of injury and ill health that can be caused by the event(s) or exposure(s)

4 Context of the organization


The risks and opportunities to be considered by the organization depend on the type of organization,
what it does and where this is done. This is the context of the organization. For example, if the
organization makes cars in a large factory on the edge of a big city, the risks to its workers’ health and
safety are very different to those faced by the workers in a small café in a quiet village.
Context doesn’t stay the same – organizations grow, and activities change (for example, new
manufacturing lines or technology are introduced). The workforce itself changes over time. Any sort
of change to the organization has an impact on its risks and opportunities.
Context also includes factors beyond the organization’s control, for example, if there is an extreme
weather event (heatwave, snowstorm, flood), the organization’s risks and opportunities can change.
Similarly, if the world economy crashes, the law changes, or the political landscape shifts, the
organization’s risks and opportunities can change.
Context also includes people and other organizations which can be affected by the organization’s
OH&S management system – or who can affect it. These are the organization’s interested parties.

The organization should always consider what its interested parties need and expect, as well as any
associated risks and opportunities.
For example:
a) Regulators: there are risks to the organization’s workers if it doesn’t comply with health and
safety law and there are also risks to the organization itself if law-breaking leads to prosecution
or closing the business.
b) Supply chain: the organization’s OH&S management system is at risk if contracted workers
are unaware and fail to follow health and safety rules. A contractor expects its workers to be
protected, but the contractor might also bring additional risks to the workplace because of the
activities being carried out, lack of health and safety training or lack of understanding of how
they are affecting other workers. On the other hand, there is also opportunity to share good
practice and knowledge.
c) Shareholders: there are risks if shareholders or the organization’s owners do not support
the management system by investing enough money or leading by example. Alternatively, if
shareholders or the owners invest time and effort, there are opportunities to improve both
health and safety and the management system.

5 Leadership and worker participation


Managing risks and opportunities starts with top management.
Those at the top of the organization are vital to the success of the management system and to
improving health and safety in the workplace.
If top management takes a view that the OH&S management system is the health and safety
manager’s problem, there is a risk to the workforce, and the management system is unlikely to be
effective. If, for example, the board of a company is driven purely by profit and takes no interest in
health and safety there is a risk that not only will OH&S performance be misreported but workers are
being put at on-going risk. A management system cannot be effective in this environment.
Alternatively, if top management embeds OH&S into its overall business management and sees it
as a core part of being successful, there is an opportunity to create a positive OH&S culture with an
engaged workforce, and continuously improve workers’ health and safety.
The same is true for a small company owned by a single person. If the owner takes an interest and
encourages the workers to talk about health and safety and help improve it, the management system
is going to work better and the risk of injury or ill health is lowered.
A positive OH&S culture comes from leaders encouraging workers to get involved in shaping and
running the management system and being seen to take ideas and improvements on board.
The workers closest to the risks have the most to lose, and gain, from the OH&S management system,
and also have the best knowledge of the hazards faced every day. Making sure workers at all levels
can raise issues, suggest improvements and manage health and safety avoids the risk of a worker
making decisions about OH&S risks that they don’t understand and which don’t personally affect
them. This would undermine the whole management system.

6 Planning
6.1 Actions to address risks and opportunities
It is important to think widely about the types of risks and opportunities that can affect the
organization’s OH&S management system and take the time to understand them.
These include:
a) hazards to workers (anything with the potential to cause injury or ill health) and the related
OH&S risks (likelihood of being affected by the hazard and the potential severity of the impact);
b) OH&S opportunities (things that can lead to improving OH&S performance); and
c) risks to the OH&S management system itself and opportunities to improve it.
Not all risks and opportunities are equally important: prioritize and focus efforts on those that have
the greatest impact.
The starting point should be to think about what can harm people. This means both safety and health.
There can be many things in a workplace that have the potential to harm people – these are the
hazards. The hazard becomes a big risk if it is:
1) likely to happen; and
2) the harm to a person (or people) could be serious.
These are the hazards and risks that need the most attention.
It’s worth noting that safety risks typically involve distinct events (incidents), whereas the effects of
health risks can be instant or emerge over time, following exposure to a hazard.
Hazards depend on what an organization does and how it does it and can range from slips, trips and
falls, to life-threatening health conditions.
To identify hazards, take a logical, step-by-step approach – don’t forget to think about occasional
activities, such as cleaning or maintenance, planned or unplanned change (permanent or
temporary) or possible emergency situations (fire, explosions, attacks) which can lead to different
hazards and risks.
It can be useful to think about the different types of hazard, such as:
• physical (e.g. working at height, or in small spaces or extreme temperatures, fatigue);
• chemical (e.g. exposure to things like harmful liquids or fumes);
• biological (e.g. organic hazards like viruses, insects, bacteria);
• psychological (e.g. stress, harassment, overwork);
• mechanical (e.g. sharp objects, moving parts, machinery and tools);
• electrical (e.g. faulty electrical equipment, contact with an electrical conductor); and
• natural (e.g. floods, heatwaves, storms, earthquakes).
Identifying and understanding the hazards can be helped by, for example:
a) looking around the workplace;
b) talking to workers;
c) reading information from suppliers; and
d) considering past incidents and ill-health records.

Once hazards have been identified and understood, the risks need to be assessed and prioritized.
The risk is higher if it:
1) is likely to happen; and/or
2) can have a serious effect.
How high the risk is will be influenced by what controls an organization already has in place
(e.g. machine guards, good ventilation and lighting, whistleblowing processes, training, regular
health checks).
The organization should try to eliminate hazards where it can or otherwise reduce risks as far as
possible, but within reason (this is often referred to as “as low as reasonably practicable” or ALARP).
This is usually done using a process called “the hierarchy of controls” (see Clause 8).
As well as assessing risks, an organization should think about opportunities such as making changes
to the work environment, working conditions and how work is organized. When planning for
opportunities, an organization should consider what can make the biggest impact and when might
be a good time to act. One of the most important opportunities is when change is happening in the
organization or its activities and there is a chance to build OH&S considerations into that change,
rather than dealing with issues that arise after the change has been made.
An organization should also consider risks and opportunities which are not directly associated with
harm to people, but instead affect the effectiveness of the OH&S management system itself.
For example:
• an organization might need to coordinate plans with its neighbours; delays or difficulties in
working with neighbours can affect the OH&S management system;
• a transient, frequently changing workforce, with variable levels of experience can mean that
training and communications need to be adjusted to make sure people are still competent; and
• an organization introducing new products, services or activities might lack the knowledge and
competence to address the possible hazards and risks which in turn affects how well the OH&S
management system works.
Another vital part of risk management is being aware of and meeting legal, regulatory and other
requirements (such as those from a parent company or contract). There are different legal
requirements for different types and sizes of business, so it is important that top management stays
up to date with any changes and communicates these requirements to workers, as necessary.
NOTE The HSE provides further information on hazard identification, risk assessment and legal requirements, see
http://www.hse.gov.uk/risk/identify-the-hazards.htm [Last viewed 18 February 2019].

6.2 OH&S objectives and planning to achieve them


OH&S objectives should reflect the priority risks and opportunities that have been identified.
It is important when setting these objectives that a practical approach is taken, to ensure that
the objectives are manageable and achievable whilst still providing a challenge. Knowing who is
responsible for each objective and the timeframes for achieving them is critical, as is securing the
commitment and resource needed from top management. Engaging with workers and communicating
the objectives throughout the organization are also key to success.


7 Support
To manage OH&S risk effectively the organization needs to have enough time, money, people and,
when necessary, equipment.
The OH&S management system is at risk if a lack of funding means that the protective measures
identified or changes to ways of working can’t be put in place. However, it is not necessary to spend
days discussing how to reduce the number of paper cuts or spend a fortune on a complex health
monitoring system if an organization’s business is low risk and exposure to serious hazards is rare.
Workers are typically the most important resource when it comes to managing risks and
opportunities for both people and the management system. Giving workers time to think about and
act on risks and opportunities is a good starting point in managing OH&S risk.
It is also essential that competence is addressed. There are different types of competence to consider,
such as competence to:
a) perform specific duties safely and without putting others at risk;
b) identify hazards, understand their risks and manage those risks effectively; and
c) plan for, respond to and manage emergency situations.
Competence requirements don’t stay the same, nor do individual or organizational competence. It’s
important to make sure these are reviewed regularly and actions taken to address any gaps.
It is important to avoid over-complicating paperwork and producing too many written processes
and procedures. The organization should only document what is needed to make sure the OH&S
management system works, and its legal requirements and other requirements are met.
The way the organization communicates to its workers and other people should be appropriate to
who needs to be informed, otherwise there is a risk that people who are affected might not be aware
of potential changes. For example, a software development company might find that using an online
platform to communicate is most appropriate, whilst mechanics might find conversation and a
summary on the noticeboard is more effective.

8 Operation
8.1 Operational planning and control
Once risks have been identified and prioritized, the organization needs to control them as well as
it can. To do this a system has been developed called the “hierarchy of controls”: the idea is that the
top action is the best, but if this is not possible, the ones that follow should be used. Sometimes using
more than one is the most effective and practical solution.
The hierarchy of controls is:
a) elimination (remove the hazard completely);
b) substitution (use something less dangerous, e.g. using scaffolding instead of ladders);
c) engineering controls (practical changes to reduce the risk, e.g. machine guards or reorganizing
how work is done);
d) administrative controls (raise awareness and knowledge, e.g. signs, instructions, training); and
e) personal protective equipment (wear protection to limit exposure, e.g. masks, ear defenders).
The most appropriate controls for the organization’s risks might change over time, e.g. as new
materials or technology becomes available.


8.2 Emergency preparedness and response


Organizations should be aware of potential emergencies, and have a plan to deal with them. The
likelihood of a particular type of emergency should be considered, as well as how serious it could be.
Emergencies don’t always happen exactly as anticipated, therefore the organization should ensure
that it can carry out on-the-spot risk assessment and adapt its response as the situation
develops. The ability to respond to a changing emergency situation can be tested through desk-based
scenarios and live drills; however, care should be taken to vary drills and test scenarios to avoid
complacency or the assumption that everything will work and the situation will be identical in a
real-life emergency.

9 Performance evaluation
9.1 Monitoring, measurement, analysis and performance evaluation
Performance evaluation is about answering two questions:
a) is the management system (and its processes) working properly?
b) are the controls you’ve put in place preventing injury and ill-health?
Risk is an important factor in answering both questions. Considering risks can help the organization
decide what needs to be measured and what needs to be monitored. There are lots of things
that could be measured within a management system, therefore it is important to focus on what
matters, such as:
1) are legal requirements being met, including any that have recently changed?
2) are other requirements being met, such as those agreed with your supply chain or
parent company?
3) is OH&S performance getting better, or getting worse?
4) are OH&S objectives being met?
The organization should ensure that controls to prevent injury and ill health are monitored and are
working effectively.
The organization should prioritize its largest OH&S risks. For example, if the organization has
activities controlled by formal permit to work systems or specific procedures, it is important to check
that these are being correctly applied. Similarly, fire risk controls can be measured by making sure
there is periodic inspection of emergency escape routes to check they are clear and accessible, and
measuring how long it takes to leave the building during fire drills.

9.2 Internal audits


Internal audits of the OH&S management system should cover the entire system over time. All
processes described in the OH&S management system should be included at some point, as should
all locations. The audit should focus on areas of greater risk, for example, in an organization with
relatively low-risk office-based activities and higher risk factory or site activities, the factory or site
activities should have greater focus.


In regard to OH&S risks and opportunities, internal audits provide the opportunity to test whether:
a) risk assessments are up to date and periodically reviewed;
b) workers carrying out an activity understand how the risk is assessed and are using the
right controls;
c) workers have the necessary competence;
d) assessment of changing risks is taking place; and
e) opportunities to eliminate hazards and reduce risks are being identified and acted upon.
It is important that top management evaluates the overall performance of the OH&S management
system, rather than concentrating on specific parts of it. The various measuring, monitoring and audit
activities should help determine if:
1) the organization understands its OH&S risks, and has put appropriate controls in place;
2) workers understand the risks that can affect them and are applying the agreed controls;
3) any risk controls need to change, or if there is an opportunity to eliminate a hazard or reduce
risk even more; and
4) the organization is complying with its legal requirements and other requirements in the way it
manages OH&S.

10 Improvement
Ways to improve the organization’s OH&S performance, or the OH&S management system should
become clear through evaluating how well the system is working. Although some improvements can
involve complex planning and take time to implement, quick and simple changes in the way work is
carried out can also make a positive difference.
Improvements can include:
a) assessing risks more often;
b) sharing best practice by joining professional bodies or attending networking events;
c) improving organizational and individual knowledge; and
d) changing the way something is done (for example, making sure more than one person checks
that safety measures are in place before an activity).


Bibliography
Standards publications
For dated references, only the edition cited applies. For undated references, the latest edition of the
referenced document (including any amendments) applies.
BS ISO 45001:2018, Occupational health and safety management systems – Requirements with
guidance for use
Further reading
BS 45002‑0, Occupational health and safety management systems – General guidelines for the
application of ISO 45001

BS 45002‑3:2018

BSI Standards Publication

Occupational health and safety management systems – General guidelines for the application of ISO 45001
Part 3: Guidance on incident investigation

Publishing and copyright information

The BSI copyright notice displayed in this document indicates when the document was last issued.
© The British Standards Institution 2018
Published by BSI Standards Limited 2018
ISBN 978 0 580 98864 6
ICS 03.100.01; 13.100
The following BSI references relate to the work on this document:
Committee reference HS/1
Draft for comment 18/30362016 DC

Amendments/corrigenda issued since publication

Date Text affected


Contents
Foreword
0 Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
5 Leader and worker participation
6 Planning
7 Support
8 Operation
9 Performance evaluation
10 Improvement
Annex A (informative) Example of investigation contacts and participants for complex organizations
Table A.1 — Example of investigation contacts and participants matrix
Bibliography

Summary of pages
This document comprises a front cover, and inside front cover, pages i to ii, pages 1 to 14, an inside back cover and
a back cover.


0 Introduction
Based upon the facts that are discovered, the incident investigation needs to establish the:

a) immediate and root causes of the incident;

b) deficiencies and/or inadequacies in the relevant risk assessments and control procedures; and

c) need for preventative measures and any necessary improvements in the occupational health and
safety (OH&S) management system to prevent similar incidents.

There are also legal, moral, societal and business reasons for carrying out an investigation.

1 Scope
This British Standard describes the intent of individual clauses in BS ISO 45001 and provides
guidance to help organizations implement an accident/incident investigation process based on
BS ISO 45001.
NOTE This British Standard does not add to, subtract from, or in any way modify the requirements of
BS ISO 45001, nor does it prescribe mandatory approaches to implementation.

2 Normative references
There are no normative references in this document.
NOTE Organizations can use this document without direct reference to BS ISO 45001, however, organizations
that wish to claim conformity to BS ISO 45001 need to refer directly to BS ISO 45001 when using this document.

3 Terms and definitions


COMMENTARY ON CLAUSE 3
NOTE There are a number of terms defined in BS ISO 45001, including commonly used terms. However, when
using BS ISO 45001 it is important to take note of these technical definitions to ensure there is no misunderstanding
in its application. For example, small businesses do not always realize that the term “organization” refers to small
businesses as well as larger companies (or public bodies, charities, etc). Organization can also be used to describe
one part of a business, e.g. one department or one site – if that is the extent of the OH&S management system.
Similarly, the term “top management” refers to whoever directs or controls the organization – the top level decision
maker(s). In practical terms, top management can mean a small business owner, the executive board or, in a
non-hierarchical structure, everyone involved in taking high level decisions.
The definition of “worker” is also worth noting. In BS ISO 45001 worker is all-inclusive and refers to everyone
working under the control of the organization, including business owners, executive boards, senior managers,
interns, volunteers, all employees and contractors.
All of the terms and definitions within BS ISO 45001 can be found on the ISO Online Browsing Platform:
http://iso.org/obp [Last viewed 31 July 2018].
For the purposes of this British Standard, the terms and definitions given in BS ISO 45001 and the
following apply.

3.1 immediate cause


obvious reason for an adverse event
NOTE For example, wrong valve opened, guard removed.


3.2 root cause


initiating event or failing, from which all other causes or failings spring; or an initiating cause of
either a condition, or a causal chain, that leads to an outcome or effect of interest
NOTE For example, failure to identify training needs, assess competence, plan to assess risks.

4 Context of the organization


Organizations can improve the effectiveness of accident/incident investigation by proportionate and
focused consideration of their context. Both external and internal factors are likely to be relevant.

Relevant external factors could include:

a) relevant legal and other requirements, e.g. RIDDOR [1], industry standards;

b) the expectations of external parties (e.g. openness), such as customers, suppliers, contractors,
trade associations, relevant trade unions, members of the public, emergency services; and

c) supplier changes to product/equipment specifications, and how these are communicated.

Organizational size, complexity and the nature of its health and safety risks are all relevant internal
factors. Other internal factors might include:

1) the internal culture of the organization, e.g. a no‑blame approach and willingness to
learn lessons;

2) the expectations of workers, e.g. worker involvement (including worker representatives where
they exist) in investigations; and

3) the need to ensure and maintain effective organizational competence and control in identifying
and implementing corrective actions.

Any recent changes within or external to the organization that might have contributed to the incident
should also be taken into account.

5 Leader and worker participation


For an investigation to be effective and support a positive culture, it is essential that top management
encourage and support the workforce to be fully involved.

The organization should take into account the complexity and potential level of risk according to the
type of hazards within the organization in order to determine the appropriate approach.

Depending on the level of the investigation required (and the size of the organization), supervisors,
line managers, health and safety professionals, trade union safety representatives, worker
representatives and top management could all be involved.

A team approach to investigating incidents helps the organization involve appropriate workers
in the investigation, and ensures that the correct people in the organization are aware so that
other implications for the business can be considered and improvements can be identified and
implemented.
NOTE There are legal requirements on involving safety representatives in accident/incident investigations and
providing information on the outcome and actions taken.


6 Planning
6.1 Planning for investigations
To aid effective reporting and investigation, it is useful to have pre-defined criteria agreed by the
organization, and documented, which address:

a) types of incidents (e.g. injury, ill‑health, property damage, near miss) and associated methods of
notifying and reporting (some ill‑health conditions have a long latency and this needs to be taken
into account when planning criteria);

b) to whom, when and how the occurrence of incidents is to be reported (internally and externally)
and investigated, bearing in mind the potential significance of the incident; when planning the
investigation of health conditions this might require additional considerations such as what the
investigation procedure should cover, e.g. evidence of direct cause and effect, records of health
or medical surveillance, if appropriate, the literature review on exposure and health effect and
timeline, whether the health effect is physical or psychological, evidence‑based explanation for
management and affected parties;

c) who internally and externally is to be contacted to take charge of the investigation, and how,
dependent on the type of investigation;

d) defining and communicating the expected levels of investigation, in terms of resource allocation,
depth and overall approach;

e) the tools and techniques to be used by those carrying out the investigation;

f) the competency levels needed by those involved in investigating and investigation report
preparation;

g) the process for reviewing recommendations and implementing actions; and

h) the process for drafting, approving and signing off the report prior to release.

6.2 Pre-investigation actions


The organization should put in place arrangements for reporting incidents as soon as possible to a
designated person(s) in the organization responsible for:

a) taking steps to ensure continuing risks are assessed;

b) making the incident scene safe;

c) treating casualties;

d) making the incident scene secure; and

e) reporting internally and externally on the incident.


NOTE Not all investigations are “immediate” following an incident. Some might be repeated over time and only
come to light when a health effect is reported.
6.3 Arrangements for assessing risks, making safe and treating casualties
The organization should put in place arrangements to ensure that the first people on the scene
can assess any risks and make the scene safe, including requesting emergency services assistance
if required.

Once it is determined that it is safe to do so, appropriate actions should be taken to make the scene of
the incident safe, e.g. by isolating any electricity to the area or machinery. The priority should then be
to give first aid to any casualties and await emergency services if they are needed. Depending on the
circumstances and seriousness of the situation, the organization’s emergency procedures or disaster
recovery plan might need to be implemented at this stage, along with the assembly of a disaster
recovery team.
NOTE If the incident has led to a fatality, the incident scene could potentially be a crime scene.
6.4 Planning to make incident scene secure
The organization should put in place procedures to ensure vital evidence can be preserved by
ensuring it is not unnecessarily disturbed or degraded, or where this is necessary, recording it as
accurately as possible, e.g. by photography, video, a scaled sketch, written description or marking its
position in situ, before it is moved. The procedures should also make provision for ensuring the scene
can be secured at the earliest possible stage. This should not take priority over rescue work, treating
casualties or making the incident scene safe.

Where the incident has occurred on a worksite, the primary scene (the actual location of the incident)
should be secured at the earliest possible stage following the incident, in order to preserve relevant
information, e.g. by locking access to a particular room, or taping off access to a work area. Where the
emergency services decide it is appropriate, they will take control of a serious incident.

6.5 Reporting
In a larger organization it is useful to have a matrix setting out who should be contacted for specific
types of incidents (see Annex A). This should include:

a) internal and external parties;

b) relevant contact details; and

c) who reports what to whom.

In a smaller organization this might be as simple as contacting the emergency services and the
owner/manager.

Even in the smallest organization, employees should know who to contact if the designated person is
not available. Examples of those who might need to be contacted include:

1) emergency services;

2) next of kin;

3) regulators;

4) relevant managers;

5) insurers;

6) human resources;

7) head office; and

8) worker representatives, where they exist.

This information should be easily available.

7 Support

7.1 Resources and competence


The organization should provide resources and competent investigators. This could include training
for workers to take part in incident investigations.
NOTE In organizations where there are few incidents to investigate, investigating non-serious incidents could be
a way of maintaining investigating skills and competence.


7.2 Communication
The organization should determine how, when and to whom it communicates findings and lessons
learnt from incident investigations. This includes workers, and their representatives (where they
exist), contractors and other interested parties.

7.3 Documented information


The method, format, content and retention policy of investigation reports and associated paperwork
(such as witness statements) should be:

a) appropriate to the complexity of the organization, e.g. this could be a blank piece of paper, or for
a more complex organization, pre‑printed witness statements, or even recording or electronic
recording facilities;

b) available when needed;

c) secure (this includes protection of confidential data in line with relevant legislation and ensuring
it is easily accessible); and

d) reviewed in line with the OH&S management system requirements.

8 Operation
8.1 General
When an incident is reported the following steps should be taken in proportion to the severity of the
incident, to ensure that an effective investigation takes place, including recommendations of actions
necessary to prevent recurrence.

a) Ensure a prompt response.

b) Maintain and secure the evidence.

c) Determine and collate the facts.

d) Determine the immediate and root cause(s).

e) Make recommendations.

8.2 Response to an incident being reported


8.2.1 Prioritize incident investigation
All incidents should be investigated in a timely and proportionate manner.

A risk assessment process should be used to identify those “critical incidents” where better controls
are most needed as a priority, and where a more thorough investigation or additional assistance/
competence is required.

With a less critical incident, e.g. paper cut requiring stitches, with no previous similar incidents, the
facts and remedial actions could be established during the recording of the incident, and then this
record reviewed by the designated person to confirm its adequacy.

8.2.2 Determine who to report to and who investigates


Who to report to and who is part of the investigation process depends on the potential severity of the
incident. Reference to a matrix developed in the planning stage can be useful (see Clause 6).

When a team approach is taken to investigate the incident, team members should ideally not have
been directly involved in planning or managing the tasks associated with the incident.


8.3 Maintain and secure the evidence


Initially, the site should be made safe before ensuring that, wherever possible, equipment at the
scene and conditions at the time of the incident remain unchanged and not moved. As each piece of
evidence is moved, the scene begins to change and vital information is lost.

8.4 Determine and collate the facts


8.4.1 General
Under the direction of the team leader, the team should decide on what is required, ensuring that all
relevant activities are allocated to named team members, such as:

a) identifying witnesses and organizing statements;

b) photography;

c) equipment checks;

d) acquiring relevant documentation and records;

e) working and surrounding environment; and

f) identifying interested parties/experts.


NOTE 1 The above might not occur in the order listed.
NOTE 2 Some occupational health conditions might be reported a long time after any specific incident but still
need investigating even though there might no longer be a scene or witnesses.
8.4.2 Interview witnesses and other key personnel
NOTE Witnesses are those present at the scene leading up to and/or at the point of time the incident occurred
and who saw what actually happened.
The interview process, in terms of resource allocation, depth and overall approach, should be
proportional to the health and safety significance of the incident and the size and complexity of the
organization.

Witnesses should be identified and interviewed as early in the investigation as possible whilst their
recollection is fresh.

It should be borne in mind that different witnesses could have a different recollection due to factors
such as their location, and their frame of mind at the time. Interview of a witness might need to be
delayed if workers are injured, ill or psychologically traumatized and require treatment.

Other key personnel to interview should include those:

a) in the vicinity who might have seen, heard, felt or smelled something relevant;

b) with knowledge of the incident or surrounding circumstances; and

c) who can corroborate the actions of others and/or validity of data gathered.

The investigation team should avoid prejudging and/or making assumptions about both worker(s)
and situations, as this could result in the investigator leading witnesses and receiving answers which
they desire rather than the actual facts.

A suitable location should be selected for witness interview, providing privacy and freedom from
interruption or distraction.

The interview process, in terms of resource allocation, depth and overall approach, should be
proportional to the health and safety significance of the incident, size and complexity of the
organization. In simple cases, brief written statements of the facts might remove the need for formal
interviews. For more complex incidents where a more formalized response might be needed to
prevent a recurrence, formal interviews, supported by brief written statements prior to interview,
could help the interview team prepare for the interview.

The needs of individuals should be considered and appropriate support provided, and reasonable
adjustments made.

Workers should be interviewed separately, and at the end of the interview the interviewee should
confirm the facts and sign the statement to indicate that it is an accurate reflection of the interview.

8.4.3 Inspect the scene


Wherever possible, the scene at the time of the incident should remain unchanged until records
(e.g. photographs, written notes) have been made (see 8.2).

Early inspection of the scene, if safe to do so, allows investigators to make and record initial
observations, e.g. positional information, physical condition of premises/plant/equipment,
substances present and also the work environment, such as weather, temperature, humidity, light,
noises and odours, including sampling and testing.

There might be unavoidable delays in gaining access to the scene, e.g. to allow external authorities to
conclude their investigations and/or allow completion of actions to make safe for entry.

The use of drawings, sketches, detailed plans and photography to record location evidence
could assist in re‑creating the scene of the incident, especially for those reviewing/reading the
investigation report.

8.4.4 Releasing the scene


Where the severity of the incident warrants it and all relevant information has been gathered from
the scene, a formal handover of the scene from the investigation team leader to the area line manager
should take place. Where recovery of normal operations requires significant planning and resource
due to their complexity, it is appropriate for recovery teams and investigation teams to liaise, with
large incident scenes possibly being released in stages.

8.4.5 Information gathering


8.4.5.1 Environmental conditions
The design and layout of the worksite, together with the surrounding environmental conditions, can
also be contributory factors in incidents occurring. On many occasions, the worker is faced with a set
of circumstances and reacts to overcome the potential or actual issues, thereby becoming vulnerable
and leading to the incident. Information to be gathered can include:

a) noise – background and worksite noise levels;

b) ventilation – level of fresh air, fumes, gases, smells;

c) light – was it at night and/or was there sufficient natural/artificial light?

d) space – how much space is required for the task, was it available, cluttered, badly laid out?

e) heat – what was the temperature/humidity at the worksite and was it higher/lower
than expected?

f) workload, intensity of work, and working hours.

8.4.5.2 Equipment and material evidence


The interaction between worker and equipment can provide vital clues. Important facts can be
established regarding equipment, such as the following.

a) Is it the correct equipment, in serviceable condition, and are the required safeguards in place?

b) Checking any labels or markings on the equipment or substances.

c) Is there a requirement for personal protective equipment (PPE) usage and if so, was it provided?

d) Has the personal health of the individual had a bearing on their capability and reactions.

Gathering information regarding the rationale for preventative maintenance programmes and formal
equipment checks can be useful.

8.4.6 Review documented information and records evidence


Essential information can also be obtained from documented information, such as:
a) policies, processes and work instructions;
b) risk assessments, maintenance records, workplace environment monitoring, anonymized health
surveillance records, test certificates, training records; and
c) previous incident reports, including any recommendations made and their implementation.
All relevant documented information should be retained or copied, referenced, logged and
kept securely.

8.5 Establishing the causes


Once the investigators have the facts, they can determine the causes of an incident. It is not unusual
for there to be more than one cause leading to an incident. Causes can be categorized into:
a) immediate causes, which are normally present at the worksite, and at the incident location, and
are usually prompted by:
b) other more underlying root causes, which typically lie elsewhere and lead to deficiencies in the
occupational health and safety programme or policy.


Immediate causes can fall into two main areas:
1) behaviour (e.g. failure to follow rules, not wearing PPE, incorrect use of equipment); and
2) worksite conditions (e.g. equipment, materials and environment that workers interact with).
In most cases the action taken by the worker is likely to be repeated unless the underlying root causes
are addressed, including:
i) management and organizational factors, e.g. shortfalls in the organization’s OH&S policy,
resources and arrangements, resulting in ineffective management of risk;
ii) job factors, e.g. unsuitable working environment, plant, equipment, substances, precautions,
procedures and systems of work; and
iii) personal factors, e.g. lack of appropriate decision making, behaviour, underlying health
conditions, skill, knowledge, experience and aptitude to carry out duties safely.
Where personal factors are identified as causes of the incident, it is important to explore how job and
management factors that might have contributed to those personal factors arose.
The team should look for immediate causes and any contributory factors by trying to reconstruct
what happened just before the incident. In determining such causes, simple checklists can be used to
prompt thought and examination of previously unconsidered areas.
For effective investigations of critical incidents, or those with severe potential consequences, it might
be appropriate to use one or more techniques such as Fault Tree Analysis (FTA), the why approach,
and process mapping, which might require training and experience for effective application.


8.6 Maintain and secure evidence and investigation documentation


Incident investigation documentation and related records should be maintained in an agreed
secure location. Any components, equipment, plant or materials which might be needed for further
evaluation or use as evidence should also be stored in an agreed location until the investigation
team leader, or authorities, decide that it is no longer required and can be returned to service or
disposed of.

8.7 Investigation report


The investigation report is the document which contains all the collated information. It should be
fully and diligently completed and demonstrate that the organization took the required steps to
prevent a recurrence of the incident. The report should contain sufficient information to give a clear
picture of events, and as a minimum include:

a) identifying information – names, dates, times;

b) criticality evaluation – severity and frequency;

c) incident category (e.g. near miss, high‑potential near miss/accident, low, serious, major);

d) full description of events, including drawings, maps, sketches and photographs;

e) full causal analysis;

f) immediate actions taken;

g) recommendations for corrective action and opportunities; and

h) copies of witness and expert statements.

If the report makes reference to, or bases conclusions on, presumed events or conditions, i.e. those
not supported by evidence, the investigator(s) should justify inclusion.

The report should be distributed to:

1) the appropriate managerial level;


NOTE For example, major and high potential incidents need to be reported to top management.
2) those impacted by the incident;

3) those allocated actions; and

4) other interested parties (e.g. employee representatives, regulator).

9 Performance evaluation
9.1 Monitoring, measurement, analysis and performance evaluation
9.1.1 Investigations
Periodically (e.g. monthly or as defined within the management system), a summary of past
incidents which have occurred since the last report should be prepared by a designated worker and
reviewed by any relevant management and health and safety committees. The report should include
information associated with each incident, including:

a) severity rating (e.g. minor, serious, major, catastrophic);

b) incident category;

c) reporting promptness [e.g. how well it met any reporting time criteria in the occupational health
and safety management system (OHSMS)]; and

d) status of recommendations/actions raised.


Outstanding items should be expedited.

9.1.2 Trend analysis


Incident analysis involves the methodical examination of the causes and actual or potential
consequences of past incidents. By structuring the information on incidents and their causes, trends
can be identified which bring to light repeated OH&S exposures, incorrectly evaluated risks and
inadequate controls. Incident reports over a pre-defined rolling period should be analysed to monitor
for trends such as:

a) types and categories of incidents by, for example:

1) actual and potential severity;

2) type of injury or ill‑health condition;

3) body part injured;

4) location of incident; and

5) time of day incident occurred;

b) consequence frequency rates. Reports should include the most recent rates and previous rates,
for example:

1) personal injury and ill‑health;

2) lost time;

3) property damage; and

4) near miss;

c) immediate and root causes, for example:

1) sub‑standard conditions; and

2) sub‑standard acts;

d) root causes, for example:

1) personal factors; and

2) organizational factors; and

e) completion of remedial and preventative actions.

The trends should be reviewed by relevant management and health and safety committees, and
occupational health professionals if appropriate, as defined by their terms of reference.

9.2 Internal audit


The effectiveness of the incident investigation and reporting process should be reviewed on a
periodic basis as part of the organization’s internal audit programme, with the aim of:

a) identifying improvements in the reporting/investigation process;

b) identifying training needs; and

c) assessing compliance with the process.

Audit reports should be circulated to senior managers and discussed as part of the management
review meetings as a minimum.


9.3 Management review


Top management should include in their management review meeting a review of incidents
which includes:

a) progress of overdue actions;

b) progress of major investigations;

c) review of major incidents since last management review;

d) trend analysis; and

e) audit reports on the incident investigation reporting process.

10 Improvement
10.1 Implementing recommendations
All recommendations should be specific, measurable, achievable, realistic and time-based (SMART).

It is up to the line management of the area or activity affected to plan and implement the agreed
remedial actions within the set timescales. These actions should be monitored and tracked to ensure
successful and timely completion.

In order to achieve effective implementation, workers and their representatives, where they exist,
should be consulted to ensure their commitment and cooperation. The reasons for any changes
should be explained to those who could be affected and who might need retraining. Implementation
of changes arising from investigations should be included in subsequent monitoring and review.

10.2 Learning lessons


If the investigated incident or a similar one has the potential to recur, the lessons learned should be
shared, whilst preserving individual confidentiality, throughout the site, organization and, where
relevant, peer group industries.


NOTE The communication of brief facts and causes surrounding the incident could be sufficient for others to
learn and act upon.


Annex A (informative)
Example of investigation contacts and participants for
complex organizations
COMMENTARY ON Annex A
See also 6.5.

A.1 Responsibilities and management participation


The investigation team for the initial investigation of all incidents includes:

a) the first line supervisor (foreman, supervisor or manager);

b) a representative from the area;

c) the shift supervisor;

d) the injured party, if available (for personal injury accidents);

e) an environmental health and safety (EHS) specialist, as applicable (subject to severity);

f) the relevant manager (subject to severity); and

g) other senior managers (subject to severity).

The department manager is responsible for ensuring events reported are investigated and acted
upon in a prompt and correct manner. Their representative participates in the investigation as shown
in Table A.1.

The shift supervisor initially coordinates activities and leads the investigation with the first line
supervisor and a representative from the area.


Table A.1 — Example of investigation contacts and participants matrix


Notification Participate in investigation/review
M S L N HPI M S L I HPI
General Manager √ √
Site Manager √ √ √ √
Shift Supervisor √ √ √ √ √ √ √ √ √ √
Department Manager √ √ O √ √ √ √
Process Safety Coordinator √ √ √ √ √ √
Environmental Advisor √
Employee from area √ √ √ √ √
Team Leader/Line Supervisor √ √ O O √ √ √ √ √ √
EHS Manager √ √ √ √ √ √ √
Engineering Services Manager √ engineering related only as determined at time
Human Resources Manager √ as determined at time

L = low type accident/incident; N = near miss accident/incident; S = serious type accident/incident;
M = major type accident/incident; HPI = High‑potential incident. For serious (S) and major (M) type
accident/incidents, senior managers should be involved from the outset.
√ = all areas, O = own area


