WHITEPAPER

HEALTH AND SAFET Y

ISO 45001
How to implement the international standard
for occupational health and safety

Benefit from the standard

Be sure to meet the requirements
Implement actions correctly
Actively involve employees
Get certified

1
 INTRODUCTION

Since March 12th, 2018, occupational health and safety (OH&S) management systems
have a new ISO standard: the ISO 45001. It repaces the previously applicable OHSAS
18001 standard. Companies with occupational health and safety management systems
under OHSAS 18001 have had over three years since the publication of ISO 45001 to
transition their systems to meet the requirements of the new standard. The original
deadline was extended for an additional six months in light of the Corona pandemic
and ended on September 30th, 2021. Having an occupational health and safety system
in compliance with ISO 45001 is worthwhile: It will increase employee safety, motivation
and productivity, as well as bolstering the company image. In this whitepaper, we will
explain the requirements of ISO 45001. You will also learn what concrete steps to take
to implement the standard and upgrade your existing occupational health and safety
management system in accordance with ISO 45001.

DID YOU KNOW ?

According to the International Labour Organization (ILO),

2.78 million people lose their lives every year due to
workplace accidents and occupational ­diseases. These are
alarming figures, and standards such as ISO 45001 can help
combat this problem.

2.78
MILLION PEOPLE
 CONTENTS

1 How did ISO 45001 come about?........ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

2 Who needs an ISO 45001 compliant OH&SMS?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3 ISO 45001 at a glance: the standard’s structure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
4 How to implement the changes: requirements and specific actions.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
– New terms and definitions Clause 3. ....... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
– The organization and its context Clause 4.1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . 9
– Needs and expectations of workers and other interested parties Clause 4.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
– Leadership and commitment of the top management Clause 5.1.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
– Consultation and participation of workers Clause 5.4.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
– Actions to address risks and opportunities Clause 6.1/6.1.2/6.1.4 .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
– Contractors and outsourcing Clause 8.1.4.2/8.1.4.3.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

5 Implementing ISO 45001 step by step. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

6 Support along the way............................ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
7 ISO 45001 certification: How you benefit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

3
WHITEPAPER HEALTH & SAFETY // ISO 45001

1 How did ISO 45001 come about?

The purpose of OHSAS (Occupational Health and Safety Assessment Series)

18001 was to enable companies to provide certified proof of an effective occu-
pational health and safety management system. The standard was issued by the
British Standards Institution (BSI) and recognized by other national standardiza-
tion organisations to the point where it was used internationally, but had not
attained the status of an international standard.

In 2013, the International Organization for Standardization (ISO) decided at the

BSI’s request to develop a new, international standard. Following a long develop-
ment process, ISO 45001:2018 was published on March 12, 2018, and then trans-
ferred to the national level by national standardization bodies.

With ISO 45001, a unified global standard for company occupational health and
safety management system (OH&SMS) is now available for the first time. The new
standard replaces OHSAS 18001, which was withdrawn at the end of the transition
period on September 30th, 2021.

OHSAS
18001
ISO
45001

4
2 Who needs an ISO 45001 compliant OH&SMS?

Organizations wanting to transfer Organizations whose OHSAS 18001 Organizations whose (potential)
their occupational health and safety certificate expired in September 2021 ­business partners require them
measures to a reliable structure of and who wish to or have to remain to hold an ISO 45001 compliant
continual improvement. certified. OH&S certificate.

Organizations are subject to extensive
legal requirements that oblige them to
provide comprehensive health and safety
protection in the workplace for their
workers. For instance, they must carry
out risk assessments and derive safety
measures from them, continually improve
health and safety protection, train and
instruct their workers, and document all
these activities. Introducing an OH&SMS
provides organizations with a useful
tool to ensure both the structured and
continual implementation of actions and
compliance with the legal requirements
(“legal compliance”).
Organizations that have not managed to
switch their OH&S management systems
over from OHSAS 18001 to ISO 45001 with-
in the designated transition period, but
who still need to prove that they have an
OH&S management system can use the
existing basis at their company and further
develop this system to meet ISO 45001
requirements. In this case, a first-time certi-
fication for ISO 45001 will be necessary.
It is increasingly important for organi-
zations not only to improve their own,
internal occupational health and safety,
but also to look beyond the confines
of their own organization. Stakeholders
are interested in the conditions under
which natural resources are extracted and
primary and semi-finished products are
produced. Looking at occupational health
and safety across the entire supply chain
is therefore also a key requirement of
ISO 45001. Already today, many organiza-
tions insist on ISO 45001 certification as an
essential requirement for entering into a
business relationship with their partners
(e.g., suppliers). This will put more and
more pressure on businesses across the
supply chain to get certified.

GOOD TO KNOW

How much time should I allow for

to become ISO 45001 certified?
The time frame for migrating an existing OH&SMS or intro-
ducing a new system will depend on many different factors,
such as the size and complexity of the organization and the
degree of maturity of its existing management system(s).
An average of 9 to 14 months can be regarded as realistic.

9–14
MONTHS

5
WHITEPAPER HEALTH & SAFETY // ISO 45001

3 ISO 45001 at a glance: the standard’s structure

The structure and requirements of ISO 45001 are based on the
High-Level Structure (HLS) introduced by ISO in 2012. This is a
unified structure, which applies to all new management system
standards and consists of a set of ten clauses, with the require-
ments of the relevant management system set out in Clauses
four to ten (see Table 1). Clauses one to three provide introduc-
tory information on the relevant standard, such as its scope of
content (Clause 1 – here: OH&SMS), references to other norms
(Clause 2 – e.g., references to associated guidelines; however, in
the case of ISO 45001 there are none) and terms and definitions
(Clause 3 – all terms relevant to the standard are defined here).
Therefore, ISO 45001 now too has a harmonized structure, just
like ISO 9001 (quality management systems), 14001 (environ-
mental management systems), and 50001 (energy management
systems).
The HLS is based on the Plan-Do-Check-Act management cycle
(PDCA cycle) while adding a number of new or stricter require-
ments to it. The PDCA cycle in the HLS comprises the following
requirements:

PLAN: CHECK:

Clause 4: Context of the organization Clause 9: Performance evaluation

The organization should analyze both its external and internal Review of the OH&SMS through monitoring, measuring, ­
environment in order to establish the scope of application of the analysis, and evaluation, internal system and compliance audits,
OH&SMS as well as its processes based on this analysis. and management evaluation.

Clause 5: Leadership ACT:

Top management must demonstrate leadership through
­dedication and commitment, determine the OH&S policy and Clause 10: Improvement
the necessary organizational structure, and involve their workers Further development of the OH&SMS by eliminating nonconfor-
in the OH&SMS. mities and implementing immediate and corrective actions.

Clause 6: Planning
The objectives and measures for the OH&SMS are derived from
the identification of risks and opportunities as well as hazards.

DO:

Clause 7: Support PLAN

Provision of the necessary resources, development of compe-
tence and awareness, internal and external communication,
and documentation of the OH&SMS.
ACT DO
Clause 8: Operation
Planning and management of the processes, focusing in par-
ticular on upstream, downstream, and outsourced processes,
procurement, contractors, and business continuity management. CHECK

6
 1 2 3
Scope Normative Terms and
­references ­definitions

PLAN: DO: CHECK: ACT:

4 5 6 7 8 9 10
Context of the Leadership Planning Support Operation Performance Improvement
organization evaluation

4.1 5.1 6.1 7.1 8.1 9.1 10.1

Understanding Leadership and Actions to Resources Operational Monitoring, General
the organization commitment address risks and ­planning and measurement,
and its context opportunities control analysis, and
performance
evaluation
4.2 5.2 6.1.1 7.2 8.1.1 9.1.1 10.2
Understanding OH&S policy General Competence General General Incident,
the needs and ­nonconformity,
expectations and corrective
of workers and action
­interested parties
4.3 5.3 6.1.2 7.3 8.1.2 9.1.2 10.3
Determining Roles, responsibil- Hazard identifica- Awareness Eliminating Evaluation of Continual
the scope of the ities, and authori- tion and assess- ­hazards and compliance ­improvement
OH&S manage- zations within the ment of risks and reducing
ment system organization opportunities OH&S risks
4.4 5.4 6.1.3 7.4 8.1.3 9.2
OH&S manage- Consultation and Determination of Communication Management Internal audit
ment system participation of legal and other of change
workers requirements

6.1.4 7.4.1 8.1.4 9.2.1

Planning action General Procurement General
Annex A (informative):
Guide for the application

A.1 Scope
6.2 7.4.2 8.2 9.2.2
A.2 Normative references OH&S objectives Internal Emergency Internal audit
A.3 Terms and definitions and planning to ­communication ­preparedness program
A.4 Context of the achieve them and response
organization
A.5 Leadership and 6.2.1 7.4.3 9.3
worker participation OH&S objectives External Management
A.6 Planning ­communication review
A.7 Support
A.8 Operation
6.2.2 7.5
A.9 Performance evaluation Planning to Documented
A.10 Improvement achieve OH&S information
objectives

Table 1: Breakdown of ISO 45001:2018 based on the High-Level Structure

7
WHITEPAPER HEALTH & SAFETY // ISO 45001
4 How to implement the changes:
requirements and specific actions
Based on the sequence of the standard’s clauses, only the new requirements resulting from the
ISO 45001 standard will be examined in the following. Starting with explaining the changes,
we will then provide you, on that basis, with methodical tips for their implementation and with
­practical advice.
New terms and definitions Clause 3
Compared with OHSAS 18001, ISO 45001 contains some entirely
new (e.g., Clause 4: Context of the organization) and some stricter
requirements (e.g., Clause 5: Leadership). This is also reflected in
the terminology used.
The term worker has a much wider meaning now. A worker is
expressly defined as any person performing work for the organiza-
tion – irrespective of whether it is paid or unpaid, seasonal, casual,
or full-time work, or whether the worker supports the organiza-
tion internally or externally. This suggests that outsourced services,
procurement contracts, and subcontractors are coming under
increased scrutiny. The group of people employed by the organi-
zation as “workers”, as understood by the ISO 45001 standard, has
become larger and includes, among others, workers at external
providers (e.g., suppliers), contractors (e.g., maintenance or clean-
ing companies), and temporary employment agencies. All these
workers must be included in the organization’s OH&S measures.
Context of the organization: This refers to internal and
external issues which impact on the OH&SMS either positively or
negatively. Issues are conditions that are of immediate relevance
or undergoing political or legal changes. They may, however, also
concern aspects within (e.g., financial standing or knowledge of
the organization) and outside (e.g., new products or available
labor market potential) the organization.
8
Risks and opportunities: Risk is an effect where the likelihood
of occurrence and the severity of damage that may be caused
are uncertain. In ISO 45001, risk refers not only to OH&S risks but
also to risks for the OH&SMS (e.g., prohibition of substances). Risks,
as understood by the ISO 45001 standard, can also have positive
outcomes, in which case they are referred to as opportunities.
Apart from the assessment of risks and hazards, the standard also
looks at the opportunities that may result from the various OH&S
aspects for the organization. They are taken into account in the
evaluation and derivation of OH&S objectives and measures.
“Co-determination and consultation” is replaced by
­“Participation and consultation”. Consultation focuses on
mutual communication, i.e., dialog and interaction where workers
are asked for their views. Participation aims to involve the workers
in important decision-making processes regarding the OH&SMS.
“Documents and records” is replaced by “documented
information”. This comprises any information required to be
produced, controlled, and maintained by an organization. No
linguistic distinction is made between specification documents and
supporting documents. ISO 45001 defines the specific documented
information to be maintained, as did OHSAS 18001 previously.
TIP
Find out in Clause 5.4 what exactly the
topics are on which workers must be con-
sulted or where they must be involved.
Note:
The key terms of ISO 45001 are defined in Clause 3
of the standard.
The organization and its context Clause. 4.1

What is the requirement? How is this implemented by organizations?

Organizations are characterized by their internal structures and Every organization must develop its own methodical approach
processes and their integration into an external environment. to identify its internal and external issues. Workshops at company
To develop an understanding of this larger context in which level, department level, or at process level could be one way of
the organization operates, all internal and external issues that doing this. Cluster the issues and, most crucially, derive measures
influence the organization’s OH&S policy, OH&S objectives, and to best tackle the issues in the context of your OH&SMS. It is not
OH&S processes should be identified and considered during the particularly useful to merely produce a collection of issues.
implementation and improvement of the OH&SMS. This means
organizations need to consider and be aware of both their actual
business activity and the environment in which they operate.
TIP
Here are some examples of relevant issues:
Cluster the issues using, for example,
The cultural, social, political, legal, financial, technological, the PESTEL analysis:
economic, and natural environment
– Politics
Competitors, contractors, suppliers, partners, new technolo- – Economy
gies, new laws, and the emergence of new fields of work – Social
– Technology
New knowledge of products and their effects on – Environment
health and safety – Law

Internal resources, the organization’s own knowledge and

competence (for example financial resources, time, staff,
­processes, systems, and technologies)
Note:
Standards, guidelines, and models adopted by Other examples of external and internal issues can be found
the organization in Annex A.4.1 to ISO 45001.

9
WHITEPAPER HEALTH & SAFETY // ISO 45001

Needs and expectations of workers and

other interested parties Clause 4.2

What is the requirement? How is this implemented by organizations?

ISO 45001 requires organizations to pay greater attention to the
needs and expectations of their workers and other interested
parties. Their needs and expectations have to be determined
and checked to ascertain whether any legal or other binding
requirements arise from them. The term “worker ” has already
been explained above. Interested parties are individuals or orga-
nizations that are either able to influence a decision or activity of
the organization or are influenced by such a decision or activity.
Possible interested parties are, for example:
Customers, communities, suppliers, supervisory bodies,
non-governmental organizations, investors (external)
Employees, management, works council, representatives
(internal)
It is useful to consider the implementation of the standard
requirements 4.1 and 4.2 in conjunction with one other. The
following steps are recommended for their implementation:
1. Assign issues arising from the context analysis (e.g., prohibi-
tion of substances or customer requirements) to the specific
interested parties.
2. Cluster the issues and parties that you identified (e.g., based
on strategic/operational issues or based on departments).
3. Evaluate the relevance of the issues and parties you
­identified.
4. Derive measures for the key issues and parties from
your analysis, including an assessment of the binding
­commitments.

TIP

Document the results of your analysis on a form.

Combine the evaluation of the issues and the parties with a risk and
opportunity assessment.

Check on a regular basis that your context analysis is still up to date

and discuss it as part of the management review.

10
Leadership and commitment of the
top management Clause 5.1
What is the requirement?
With the introduction of ISO 45001, greater emphasis has been
put on top management (TM) involvement in the OH&SMS. The
following duties of the TM are specifically defined in Clause 5.1
of the standard:
Determine the policy and objectives of the OH&SMS
Integrate the OH&SMS requirements into business processes
Ensure the availability of the resources required for
the OH&SMS
Convey the importance of an effective OH&SMS and the task
performance of every individual
Support managers and other individuals in fulfilling their tasks
Promote a continual improvement process
Accept accountability for the effectiveness of the OH&SMS
Promote an OH&S culture and protect workers from reprisals
when reporting incidents, hazards, risks, and opportunities
in the OH&SMS
How is this implemented by organizations?
By creating values and strategies as well as participation, informa-
tion and communication processes, the top management must
establish and set an example of an OH&S culture which is then
spread throughout the organization by other managers. The fol-
lowing are some examples of specific actions that TM can initiate:
A self-declaration of commitment to and/or an OH&S policy
on the need for and importance of an internal OH&SMS
The documented allocation of time as well as human and
financial resources to the OH&SMS (e.g., OH&S Officer, OH&S
training, safety and first-aid material)
Initiation and holding of meetings and staff assemblies with
OH&S content
Note:
In the context of audits, the TM must demonstrate more
thoroughly than before how they implement their duties.
Documented information on their commitment is import-
ant proof. The TM can now be held directly responsible for
­nonconformities.
11
WHITEPAPER HEALTH & SAFETY // ISO 45001
Consultation and participation of
workers Clause 5.4
What is the requirement?
An organization must involve its workers in the implementation
of the OH&SMS through consultation and participation. For
non-managerial workers, the standard even sets out specific
issues where consultation and participation is needed. This is
another clear indication of the pivotal role that workers play in an
ISO 45001 based OH&SMS. Indeed, for quality, environmental, or
energy management systems this standard requirement does not
yet exist in this form.
How is this implemented by organizations?
Organizations must ensure that certain conditions are in place
in order to be able to implement consultation and participation
processes.
Note:
The following are examples of how to achieve this:
– Periodic meetings and consultations
– Health and safety committee meetings
– Site inspections
– Training, information events
– Employee suggestion schemes
– OH&S competitions
– Info corner with notice board
12
1. In your role as TM and/or manager, foster a culture of
communication and participation
A culture that encourages open communication and invites
suggestions from employees must be initiated by the top man-
agement and exemplified by all managers. This includes ensuring
that clear and easy-to-understand information on the OH&SMS is
easily accessible, that workers are able to express their views freely
regardless of their positions within the corporate hierarchy, and
that their contributions are appreciated and taken seriously.
2. Establish suitable communication and
participation tools
Often, there are already some actively-practiced health and safety
processes or other management system processes in place which
can be used for the purposes of the OH&SMS.
3. Provide the required time as well as human and
­financial resources
Time, staff, and possibly financial resources are all needed in order
to implement consultation and participation (e.g., by introducing
a bonus system for the employee suggestion scheme).
TIP
There is no need to reinvent the wheel. The
issue of risks and opportunities is also a key
aspect of quality, environmental, or energy
management systems. Check whether any
tried-and-tested tools of these systems can
be used for the OH&S risk and opportunity
assessment or whether it is possible to inte-
grate this assessment in existing assessments.
Actions to address risks and opportunities
Clauses 6.1/6.1.2/6.1.4
What is the requirement?
ISO 45001 requires organizations to identify OH&S-relevant risks
and opportunities on an ongoing basis and to use these findings
to derive appropriate actions for dealing with them (Clause 6.1).
These risks and opportunities arise from the internal and external
issues identified in the context analysis (Clause 4.1), the stakehold-
er analysis (Clause 4.2), the defined scope of application of your
OH&SMS (Clause 4.3), and from the legal obligations and other
requirements (Clause 6.1.3) as strategic risks and opportunities.
Operational opportunities and risks result from workplace-related
risk assessments as per Clause 6.1.2.
The aim of this risk and opportunity-based approach is to
increasingly encourage organizations to act with foresight and in
a precautionary manner in the OH&SMS. By addressing the risks
and opportunities, you can mentally prepare a response to them.
It also gives you a better understanding of internal processes and
structures and external impacts on the organization.
How is this implemented by organizations?
Here, too, the following applies: Every organization must develop
its own methodical approach to identifying risks and opportuni-
ties. The following are useful steps that may be taken:
1. Identify and analyze the risks and opportunities
Risks and opportunities can be identified as part of the
implementation of other standard requirements, such as the
context analysis or legal compliance.
Other tools for risk and opportunity identification are, for
example, company-wide or departmental brainstorming ses-
sions or process-related Turtle diagram analyses (a simplified,
visual process description, similar to a mind map).
2. Assess and prioritize the risks and opportunities
Risks and opportunities can usually be evaluated based
on their likelihood of occurrence and severity (damage or
success). When these two evaluative components are multi-
plied, a ranking and classification (e.g., A, B, C) of the risks and
opportunities can be established. The risk and opportunity
classes determine the need to take action and the urgency
with which actions need to be planned.
3. Derive measures in the OH&SMS, for example
as follows:
Risk class A: The risks are unacceptable, unjustifiable, and
require immediate action to minimize the risk
Risk class B: The risks are justifiable with some reservations,
short-term action is required to minimize the risk
Risk class C: The risks are justifiable, effective preventative
measures are usually established for these
Opportunity classes can be defined in the same way.
TIP
Use a simple points-based system from 5
to 1 to rate the likelihood of occurrence and
­severity. Remember to define plausible rat-
ing criteria. The document ONR 49002:2014
[part of the Austrian Standards Institute’s
ON Rule series on risk management] may be
helpful here.
13
WHITEPAPER HEALTH & SAFETY // ISO 45001

Contractors and outsourcing

Kap. 8.1.4.2, 8.1.4.3

What is the requirement?

The requirements following the inclusion of contractors and

outsourced processes in the OH&SMS are much stricter in ISO
45001 than in previous iterations. They require the organization to
coordinate procurement processes with its contractors in order to
identify hazards and assess and control the OH&S risks. At the same
time, the organization must ensure that contractors and workers
also comply with the requirements of the organization’s OH&SMS.

How and to what extent the company controls outsourced

processes must be set out in the OH&SMS. The organization must
also repeatedly ensure compliance with standing legal obligations.

How is this implemented by organizations?

By establishing procurement policies or OH&S criteria for the

selection of suppliers, the organization can make sure that con-
tractors meet the OH&SMS requirements. Various means can be
employed by the contractor to check whether business partners
adhere to the defined OH&S criteria; the following is a selection:
Requesting certification information
Self-declaration
Note:
Not only will your contractors and outsourced
processes be included in your OH&SMS, but, as
you are also one of your customers’ contractors or
outsourced processes, you yourself may receive
OH&S requirements from them.

Site visits or OH&S audits

Observation of the contractor’s workers and/or activities

14
15
WHITEPAPER HEALTH & SAFETY // ISO 45001

5 Implementing ISO 45001 step by step

To obtain ISO 45001 certification, you will need a structured approach with a regimented time
schedule. We recommend those responsible take the following steps:

STEPS TO-DOS CHECK

1 Determine who will

manage the project
Appoint and assign suitable members of staff to the project “Introduction of/Migration to an
ISO 45001 compliant OH&SMS”. It may be a good idea to set up a project team for this project.

2 Information Inform yourself about the ISO 45001 requirements. Purchase the standard and train project
managers.
Also provide your internal auditors with OH&SMS training.

3 Communication Persistently communicate details of the planned “ISO 45001 Introduction/Migration” project
within your organization, in particular as regards the responsibilities and timeline.

4 GAP analysis Perform a structured gap analysis of your existing occupational health and safety
­management system.
Align all aspects of your existing management system with the requirements of ISO 45001.
If you do not yet have a formalized occupational health and safety management system,
assess whether the current standard of quality of your workplace health and safety rules is
sufficient to meet the standard’s requirements. Because of the extensive and dual nature of
the German occupational health and safety legislation , you will not be starting from scratch.
The gap analysis will show you which requirements of the standard you are already imple-
menting and to what degree. On this basis, you can then develop an implementation plan.

5 Closing the gaps
Define which gaps should be closed by whom, by when, and in what way. You may use the
same structure as set out in ISO 45001 (i.e., Clauses 4 to 10) for this, although you do not have
to use it.
Be sure to adapt your processes, to inform your workers and communicate new ­regulations,
and to adapt the documentation. It is essential that you focus on the new and stricter
­requirements of ISO 45001.
Hold check-in meetings on a regular basis to review what targets have been attained and
plan the next steps.

6 Internal audit Perform an internal audit to assess your level of readiness for (re-) certification. Eliminate any
nonconformities identified here in a timely manner.
If appropriate, you may have an external DELTA audit carried out at this point. This audit
checks whether your existing OH&SMS meets the requirements of ISO 45001.

Table 2: Checklist: Implementing ISO 45001 step by step

16
6 Support along the way

It may be very helpful to use a process-supporting software
during this process, as this can be customized to your own
OH&SMS. Using the integrated checklists and guidance on
actions provided there, the OH&SMS managers can plan their
tasks in the OH&SMS (e.g., OH&S objectives, instructions, audits),
document them (e.g., index of legal provisions, risk assessments),
and analyze them (e.g., legal compliance, number of accidents).
A software program can guide you through the project and
help you manage your OH&SMS efficiently and present it clearly
during internal or external audits.
Your certification body or advisor will support you in performing
a GAP audit or DELTA audit if need be.

7 ISO 45001 certification: How you benefit

Proof that you have a modern OH&SMS based on an

internationally recognized standard

Structured implementation of extensive legal

requirements, improving on and/or ensuring legal
compliance

Systematic improvement of the safety and health of

your workers, resulting in positive effects on their
motivation, identification with the organization, and
productivity as well as on your organization’s image as
an employer

Acceptance of your OH&S standard along the value

chain – ISO 45001certification is already established as
a key criterion for awarding contracts in the context of
customer-supplier relationships

Improve on your competitive market position thanks

to a better understanding of the organization’s context
and interested parties as well as the potential risks and
opportunities

17
 From left to right: Markus Will,
Jana Brauweiler, Annekatrin Kluttig

THE AUTHORS

Quentic, in collaboration with Hochschule Zittau/Görlitz,

University of Applied Science,
working group “Integrated Management Systems”

Prof. Jana Brauweiler is a professor of “Integrated Management Systems” (IMS) at Hochschule Zittau/Görlitz. Together
with Annekatrin Kluttig and Markus Will, she is involved in the working group supporting the effective implementa-
tion of environmental, OH&S, energy, and quality management systems. The group also promotes the integration of
such systems in industrial SMEs.

At Hochschule Zittau/Görlitz, Jana Brauweiler and Markus Will are responsible for the education and training of
students on the master study courses “Integrated Management Systems” and “Integrated Management”. Together
they have published a number of practical guides on occupational health and safety management systems, on
­environmental management, and on the auditing of management systems. They are also both working as advisors
and coaches for companies to support the implementation of such systems in their day-to-day business activities.

QUENTIC. OUR COMPANY

Quentic is one of the leading solution providers of Software as a Service (SaaS) for Editor
HSEQ and ESG management. The company is headquartered in Berlin, Germany, and Quentic GmbH
Schreiberhauer Str. 30
employs more than 250 people. Branch offices are located in Germany, Austria, Swit-
10317 Berlin
zerland, Finland, Sweden, Denmark, Belgium, the Netherlands, France, Spain and Italy.
+ 49 30 921 0000 0
contact.en@quentic.com
QUENTIC. THE SOFT WARE www.quentic.com

Photo Credits
title: iStock.com/PeopleImages
The Quentic platform comprises ten individually combinable modules and offers
p. 9: iStock.com/cgtoolbox
an ideal way for companies to manage Health & Safety, Risks & Audits, Incidents p. 10: iStock.com/AJ_Watt
& Observations, Hazardous Chemicals, Control of Work, Legal Compliance, Online p.11: iStock.com/FatCamera
Instructions, Processes, Environmental Management and Sustainability. The portfolio p.12: iStock.com/stocknroll
is complemented by the Quentic App for mobile reporting and by Quentic Analytics p.14: iStock.com/asbe
for powerful HSEQ data analysis using clear and daily updated dashboards. Over 900 p.14: iStock.com/AzmanL

companies rely on Quentic software solutions to strengthen their organization's

HSEQ management and responsibility-related areas in Environment, Social and
Governance (ESG). The integrative software is also suited to supporting comprehensive
QC2OR1

management systems in compliance with ISO 14001, ISO ISO 45001 and ISO 50001.