Job Number: Date of audit: Signature of Auditor:

Conformance
OHSAS 18001:2007 Requirement Observations & Objective Evidence
Y N N/A

4.1 General
Has the scope of the OHS management system been
defined & documented?

4.2 Policy
Has the OHS policy been defined and documented?

Is the policy appropriate for the site, all of the activities

performed and their potential OHS risks?

Does the policy :

 Include commitments to prevention of injury

and ill health and continual improvement in
OH&S management and OH&S
performance?

 Include commitments to at least comply with

applicable legal requirements and with other
requirements to which the organization
subscribes that relate to its OH&S hazards?
 provide the framework for setting and
reviewing OH&S objectives?

Is the policy is documented, implemented and

maintained?

Has the policy has been communicated to all persons

working under the control of the organization with the
intent that they are made aware of their individual
OH&S obligations?

Is policy available to interested parties?

Is the policy reviewed periodically to ensure that it

remains relevant and appropriate to the organization?

Page 1 of 12
Issue 1
Job No: Date of audit: Signature of Auditor:
Conformance
OHSAS 18001:2007 Requirement Observations & Objective Evidence
Y N N/A

4.3.1 Hazard ID, Risk Assessment & Control

Has a procedure been established, implemented and
maintained for the ongoing hazard identification, risk
assessment, and determination of necessary controls?
Does the procedure(s) take into account:
 routine and non-routine activities?

 activities of all persons having access to the

workplace (including contractors and
visitors)?

 human behaviour, capabilities and other

human factors?

 identified hazards originating outside the

workplace capable of adversely affecting the
health and safety of persons under the control
of the organization within the workplace?

 hazards created in the vicinity of the

workplace by work-related activities under the
control of the organization?

 infrastructure, equipment and materials at the

workplace, whether provided by the
organization or others?

 changes or proposed changes in the

organization, its activities, or materials ?

 modifications to the OH&S management

system, including temporary changes, and
their impacts on operations, processes, and
activities?

 any applicable legal obligations relating to risk

assessment and implementation of necessary
controls?

 the design of work areas, processes,

installations, machinery/equipment, operating
procedures and work organization, including
their adaptation to human capabilities?

Is methodology for hazard identification and risk

assessment defined with respect to its scope, nature
and timing to ensure it is proactive?

Does the methodology for hazard identification and

risk assessment provide for the identification,
prioritization and documentation of risks; the
application of controls, as appropriate?

Does the organization identify the OH&S hazards and

assess OH&S risks associated with changes in the
management system, or its activities, prior to their
introduction of such changes?

Page 2 of 12
Issue 1
Job No: Date of audit: Signature of Auditor:
Conformance
OHSAS 18001:2007 Requirement Observations & Objective Evidence
Y N N/A

Are the results of these assessments considered when

determining controls?
Is the following hierarchy employed when determining
controls, or considering changes to existing controls,
consideration?
a) elimination
b) substitution
c) engineering controls
d) signage/warnings and/or administrative controls
e) personal protective equipment.

Are the results of hazards identification, and risk

assessment and controls kept up to date?

Are OH&S risks and determined controls taken into

account when establishing, implementing and
maintaining the OH&S management system?

4.3.2 Legal and Other Requirements

Has a procedure(s) been established, implemented
and maintained for identifying and accessing the legal
and other applicable OH&S requirements?

Are these applicable legal requirements and other

requirements taken into account in establishing,
implementing and maintaining the OH&S management
system?

Is this information kept up-to-date?

Is there a mechanism for communicating relevant

information on legal and other requirements to persons
working under the control of the organization and other
relevant interested parties?

4.3.3 Objectives and Programme(s)

Are OHS objectives established, implemented and
maintained at each relevant function and level?

Are objectives:
 measurable, where practicable,
 consistent with the OH&S policy,
 consistent with commitments to the
prevention of injury and ill health,
 consistent with commitment to compliance
with applicable legal requirements and with
other requirements to which the organization
subscribes,

 consistent with the commitments to continual

improvement?

Page 3 of 12
Issue 1
Job No: Date of audit: Signature of Auditor:
Conformance
OHSAS 18001:2007 Requirement Observations & Objective Evidence
Y N N/A

Are the following taken into account when objectives

are established and reviewed:

 legal & other requirements,

 OH&S risks,
 technological options,
 financial options,
 operational issues
 business requirements,
 views of relevant interested
Has program(s) for the achievement of OHS objectives
been established, implemented and maintained?
Have responsibilities and authorities been assigned for
OHS management program(s) at each appropriate
function and level?
Has the organization identified the means and time-
frame for achievement of its OHS objectives?

Is program(s) reviewed at regular planned intervals

and adjusted as necessary, to ensure that the
objectives are achieved?

Page 4 of 12
Issue 1
Job No: Date of audit: Signature of Auditor:

4.4.1 Resources, roles, responsibility,

accountability and authority
Have Top management provided resources?

Has Top management defined roles, allocated

responsibilities and accountabilities, and delegated
authorities to facilitate effective OH&S management?

Have roles, responsibilities, accountabilities, and

authorities been documented and communicated?

Has a Top Management Appointee been assigned?

Does the Appointee have defined roles and authority

towards OHS system and performance reports?

Has the identity of the top management appointee

been made available to all persons working under the
control of the organization?

Have all those with management responsibility

demonstrated their commitment to the continual
improvement of OHS performances?

Does the organization ensure that persons in the

workplace take responsibility for aspects of OH&S over
which they have control, including adherence to the
organization’s applicable OH&S requirements?

4.4.2 Competence, Training and Awareness

Does the organization ensure that any person(s) under
its control performing tasks that may impact on OH&S
is (are) competent on the basis of appropriate
education, training or experience, and retain
associated records?

Does the organization identify training needs

associated with its OH&S risks and its OH&S
management system?

Does the organization provide training or take other

action to meet these needs?

Does the organization evaluate the effectiveness of the

training or action taken, and retain associated records?
Has the organization established, implemented and
maintained a procedure(s) to ensure persons working
under its controll are aware of :

 OH&S consequences, actual or potential, of

their work activities, their behaviour, and the
OH&S benefits of improved personal
performance?

 their roles and responsibilities and importance

in achieving conformity to the OH&S policy
and procedures and to the requirements of
the OH&S management system, including
emergency preparedness and response
requirements?

 the potential consequences of departure from

specified procedures?

Page 5 of 12
Issue 1
Job No: Date of audit: Signature of Auditor:
Do training procedures take into account differing
levels of responsibility, ability, language skills, literacy
and risk?

4.4.3 Communication, participation and

consultation
Has the organization established, implemented and
maintained a procedure(s) for :

 internal communication among various levels

and functions?

 communication with contractors and other

visitors to the workplace?

 receiving, documenting and responding to

relevant communications from external
interested parties?

 consultation with contractors where there are

changes that affect their OH&S?

 the participation of workers by their

involvement in
o hazard identification, risk
assessments and
o determination of controls,
o incident investigation;
o development and review of OH&S
policies and objectives;
o consultation where there are any
changes that affect their OH&S;
o representation on OH&S matters.

Are workers informed about their participation

arrangements, including who is their representative(s)
on OH&S matters?

Are relevant external interested parties are consulted

about pertinent OH&S issues?

4.4.4 Documentation
Does the OHS Management systems contain :
a) OH&S policy and objectives,
b) description of the scope of the OH&S
management system,
c) description of the main elements of the
OH&S management system and their
interaction, and reference to related
documents,
d) documents, including records, required
by this OHSAS standard,
e) documents, including records,
determined by the organization to be
necessary to ensure the effective
planning, operation and control of
processes that relate to the management
of its OH&S risks.

Page 6 of 12
Issue 1
Job No: Date of audit: Signature of Auditor:
4.4.5 Control of Documents & Data
Has a procedure(s) been established, implemented
and maintained to

 approve documents for adequacy prior to

issue?

 review and update as necessary and re-

approve documents?

 ensure that changes and the current revision

status of documents are identified?

 ensure that relevant versions of applicable

documents are available at points of use?

 ensure that documents remain legible and

readily identifiable?

 ensure that documents of external origin are

identified and their distribution controlled?
 prevent the unintended use of obsolete
documents and apply suitable identification to
them if they are retained for any purpose?

Are documents required by the management system

OHSAS 18001 controlled?

4.4.6 Operational Controls

Has the organization determined operations and
activities that are associated with the identified
hazard(s) where the implementation of controls is
necessary to manage the OH&S risk(s)?

Doest this include the management of change?

Does the organization implement and maintain

operational controls, as applicable to the organization
and its activities?

Does the organization integrate those operational

controls into its overall OH&S management system?

Does the organization implement and maintain

controls related to purchased goods, equipment and
services?

Does the organization implement and maintain

controls related to contractors and other visitors to the
workplace?

Are documented procedures implemented and

maintained to cover situations where their absence
could lead to deviations from the OH&S policy and the
objectives?

Has the organisation implemented and maintained

stipulated operating criteria where their absence could
lead to deviations from the OH&S policy and
objectives?

Page 7 of 12
Issue 1
Job No: Date of audit: Signature of Auditor:
4.4.7 Emergency Preparedness & Response
Has a procedure(s) been established, implemented
and maintained to identify the potential and to respond
to emergency situations?

Does the organization respond to actual emergency

situations and prevent or mitigate associated adverse
OH&S consequences?

Does the organization take account of the needs of

relevant interested parties, e.g. emergency services
and neighbours in planning its emergency response?
Does the organization periodically test its procedure(s)
to respond to emergency situations, where practicable,
involving relevant interested parties as appropriate?
Does the organization periodically review and, where
necessary, revise its emergency preparedness and
response procedure(s), in particular, after periodical
testing and after the occurrence of emergency
situations?

4.5.1 Performance Monitoring

Have procedures been established, implemented and
maintained to monitor and measure OH&S
performance on a regular basis?

Does this procedure(s) provide for

 both qualitative and quantitative measures,

appropriate to the needs of the organization?

 monitoring of the extent to which the

organization’s OH&S objectives are met?

 monitoring the effectiveness of controls (for

health as well as for safety)?

 proactive measures of performance that

monitor conformance with the OH&S
programme(s), controls and operational
criteria?

 reactive measures of performance that

monitor ill health, incidents (including
accidents, near-misses, etc.), and other
historical evidence of deficient OH&S
performance?

 recording of data and results of monitoring

and measurement sufficient to facilitate
subsequent corrective action and preventive
action analysis?

 calibration and maintenance of the equipment

is required to monitor or measure
performance?
 Retention of calibration and maintenance
records?

4.5.2.1 Evaluation of Legal Compliance

Has a procedure(s) been established, implemented
and maintained for periodically evaluating compliance
with applicable legal requirements?

Page 8 of 12
Issue 1
Job No: Date of audit: Signature of Auditor:
Are records of the results of these periodic evaluations
retained?

4.5.2.2 Evaluation of Compliance with Other

Requirements
Does the organization evaluate compliance with other
requirements to which it subscribes?

Are records of the results of these periodic evaluations

retained?

4.5.3.1 Incident Investigation

Have procedures been established, implemented and
maintained to
record, investigate and analyze incidents in order to
determine underlying OH&S deficiencies and other
factors that may be causing or contributing to the
occurrence of incidents?
record, investigate and analyze incidents in order to
identify the need for corrective action, identify
opportunities for preventive action and identify
opportunities for continual improvement?
to record, investigate and analyze incidents in order to
communicate the results of such investigations?

Are the investigations performed in a timely manner?

Is any identified need for corrective action or

opportunities for preventive action dealt with in
accordance with the relevant parts of 4.5.3.2?

Are the results of incident investigations documented

and maintained?

4.5.3.2 Non-conformance, Corrective and

Preventive Action
Does the organization establish, implement and
maintain a procedure(s)

 for dealing with actual and potential

nonconformity(ies) and for taking corrective
action and preventive action?

 for identifying and correcting

nonconformity(ies) and taking action(s) to
mitigate their OH&S consequences?

 for investigating nonconformity(ies),

determining their cause(s) and taking actions
in order to avoid their recurrence?

 for evaluating the need for action(s) to

prevent nonconformity(ies) and implementing
appropriate actions designed to avoid their
occurrence?
 for recording and communicating the results
of corrective action(s) and preventive
action(s) taken?

 for reviewing the effectiveness of corrective

action(s) and preventive action(s) taken?

Page 9 of 12
Issue 1
Job No: Date of audit: Signature of Auditor:
Does the procedure(s) require that the proposed
actions shall be taken through a risk assessment prior
to implementation where the corrective action and
preventive action identifies new or changed hazards or
the need for new or changed controls?
Is any corrective action or preventive action taken to
eliminate the causes of actual and potential
nonconformity (ies) appropriate to the magnitude of
problems and commensurate with the OH&S risk(s)
encountered?

Are any necessary changes arising from corrective

action and preventive action are made to the OH&S
management system documentation?

4.5.4 Records
Doe the organization establish and maintain records
as necessary to demonstrate conformity to the
requirements of its OH&S management system,
OHSAS 18001and the results achieved?

Does the organization establish, implement and

maintain a procedure(s) for
 identification,
 storage,
 protection,
 retrieval,
 retention and

 disposal of records?

Are records legible, identifiable and traceable?

4.5.5 Internal audit

Are audit procedure(s) established, implemented and
maintained that address the responsibilities,
competencies, and requirements for planning and
conducting audits, reporting results and retaining
associated records; and the determination of audit
criteria, scope, frequency and methods?

Are audit programme(s) planned, established,

implemented and maintained by the organization,
based on the results of risk assessments of the
organization’s activities, and the results of previous
audits?

Are internal audits conducted at planned intervals to

determine whether :
 the OH&S management system conforms to
planned arrangements ?

 the OH&S management system conforms to

OHSAS 18001?

 the OH&S management system has been

properly implemented and is maintained?

 the OH&S management system is effective in

meeting the organization’s policy and
objectives?

Page 10 of 12
Issue 1
Job No: Date of audit: Signature of Auditor:
Are internal audits conducted at planned intervals to
provide information on the results of audits to
management?

Does selection of auditors and conduct of audits

ensure objectivity and the impartiality of the audit
process?

4.6 Management Review

Does top management review the OH&S management
system, at planned intervals, to ensure its continuing
suitability, adequacy and effectiveness?

Are records of the management reviews retained?

Does input to management review include:

 review of OHS policy & OHS Objectives
 results of internal audits
 evaluations of compliance with applicable
legal and other requirements?

 the results of participation and consultation ?

 relevant communication(s) from external

interested parties, including complaints?
 OH&S performance

 the extent to which objectives have been

met?

 status of incident investigations, corrective

actions and preventive actions?

 follow-up actions from previous management

reviews?

 changing circumstances, including

developments in legal and other requirements
related to OH&S?
 recommendations for improvement

Are the outputs from management reviews consistent

with the organization's commitment to continual
improvement?

Do the outputs from management reviews include any

decisions, actions and changes in relation to:
a) OH&S performance
b) OH&S policy and objectives
c) resources, and
d) other elements of the OH&S management
system.
Page 11 of 12
Issue 1
Job No: Date of audit: Signature of Auditor:
Are relevant outputs from management review made
available for communication and consultation?

Page 12 of 12
Issue 1