Transitioning from OHSAS 18001 to ISO 45001

The publication of the 2015 versions of ISO 9001 and ISO 14001 was touted as pivotal in the history of
these management systems due to the changes in content and structure. The adoption of the Annex SL
framework and introduction of risk-based thinking, among other changes, led Management
Representatives and management standard practitioners scrambling to understand the implications of
the revisions to their own management systems. As the dust begins to settle, certified organizations ask
with bated breath, “What’s next?”.

March 2018 will see the release of ISO 45001 which shall be ISO’s version of the popular British standard
for occupational health and safety – OHSAS 18001. The creation of ISO 45001 can only be described as
timely as many organizations around the world have integrated OHSAS 18001 in their management
systems. Changes in both ISO 9001 and ISO 14001 can only entail aligning the OH&S management
system as well. The development of ISO 45001 makes this alignment as painless as possible while
ensuring that the important elements of the reference standard are retained.

The development of ISO 45001 started in 2013 with the creation of the ISO Project Committee 283 that
was tasked to re-examine OHSAS 18001 and convert it into an ISO standard. Incidentally, the secretariat
was assigned to the BSI Group – UK’s national standards body that also provided the secretariat for
OHSAS 18001.

Based on the draft versions of the new standard, much of the original content of OHSAS 18001 shall be
retained such as:

 Proactive attitude towards the prevention of injury and ill-health

 Setting of OH&S policy and objectives
 Internal audits and management reviews
 Following a hierarchy of controls in reducing OH&S risks

There are, however, some new content and enhanced requirements as ISO 45001 followed in the tracks
of ISO 9001 and 14001 in adopting the framework described in Annex SL. Some of these, as seen in the
draft versions, are as follows:

 In keeping with the Annex SL framework, ISO 45001 shall require determination of external and
internal issues relevant to the organization’s OH&S management system such as: political,
sociocultural, environmental, legal, technological and economic issues (i.e. external); and
organizational culture, governance, and structure (i.e. internal).
 References to preventive action have been removed, to be replaced with other clauses that
serve to manage the organization’s risks such as: (1) understanding the organization’s internal
and external issues; (2) planning actions to address risks and opportunities; (3) commitment to
satisfy applicable legal requirements and other requirements; and (4) emergency preparedness
and response.
 Continual improvement, while described in OHSAS 18001 as a result of interaction of OH&S
elements, was given more emphasis in ISO 45001 where it was given a specific clause. Contents
of the clause, however, are more or less the same as in OHSAS 18001.
 In understanding the needs and expectations of workers and other interested parties, ISO 45001
shall include a subclause where the organization shall determine which of these needs and
 expectations are to become obligatory requirements and which are to be mere voluntary
commitments.
 ISO 45001 shall require that outsourced processes affecting the OHSMS are controlled and that
performance indicators are used to monitor performance. This further expands the OHSAS
18001 requirements for contracted services that focus mainly on communication of OH&S
policies and procedures, fulfillment of OH&S obligations, competency and awareness, etc.
 Commitment to the OHSMS by top management is given more emphasis in ISO 45001 such that
direct participation (i.e. cannot be delegated) is required of them in: (1) taking overall
responsibility in the worker’s health and safety; (2) ensuring that OH&S policies and objectives
are aligned with the organization’s strategies; (3) integration of OH&S in the organization’s
processes; (4) ensuring attainment of OHSMS intended outcomes; etc.
 Use of the term “documented information” to include electronic data such as those processed
and stored on electronic equipment and devices (e.g. smartphones and tablets).

Change, as they say, can be wrought with dread and anxiety but organizations can heave a collective
sigh of relief with ISO’s decision to create its own standard for occupational health and safety. As much
as transitioning to the new standard involves hard work, organizations can rest assured that they shall
be managing their organization’s OH&S risks better upon adopting the new standard.

Bonny R. Bonito, BSChE, PgDR&DM, MBA

Consultant
Neville-Clarke Philippines, Inc.