12 steps for implementation and certification against ISO 45001

Updated 2018-11-13 according to ISO 45001

Implementing and gaining certification for an Occupational Health & Safety (OH&S) management system can be tricky, and you might become quickly overwhelmed by the many requirements of the ISO 45001 standard. To help make this easier to understand, the following 12 steps detail some important questions to ask about essential elements of your system.

Implementation steps

1) Get the support of management: How will you get critical management support ‑ talk to individuals separately, or in a joint meeting? To help with your sales pitch, take a look at this article on 4 key benefits of ISO 45001 for your business and this Project plan for ISO 45001 implementation.

2) Know your legal requirements: Do you have health & safety laws for your industry? Have you looked at the regional, state, national, and international level? Section 6.1.3 of ISO 45001 outlines the requirements for knowing and maintaining your compliance so that your implementation will succeed.

3) Define the scope of your OH&S management system: Is your OH&S management system applicable to your entire company, or just one location of a multi-location company? This will be critical for writing your OH&S Policy, and objectives and plans that guide your OH&S management system.

4) Define the processes and procedures: What processes and procedures need to be defined to control the OH&S hazards within your company? How will you identify all of your hazards, and the risks associated with them, so that you can ensure the proper controls will be in place? What risk assessment do you need to do? What operational controls and emergency preparedness procedures do you need? What will you write down, and what can be controlled through proper training and awareness? For some guidance, check out this white paper: Checklist of Mandatory Documentation Required by ISO 45001.

5) Implement the OH&S processes and procedures: What do you need to do to put into place all of the processes and procedures from Step 4? What sort of hierarchy of controls and procedures do you need? Do you need to work closely with some individuals in your organization to achieve success? How will you roll out the additional responsibilities that some employees will now have?

6) Train your employees and make them aware: How will you make your employees aware of what ISO 45001 is, and why you are implementing it? Will you have training sessions in department meetings, or will managers train the employees? Who needs to be trained on any changes you have made to the processes? It is important that everyone know how they fit into the OH&S Management system structure.

7) Choose your certification body: It is important to choose a certification body suitable for your company to get the most benefit, so how will you do this? Do the auditors know about your industry and the hazards and risks associated with it? What other organizations has the company certified, and what was their level of satisfaction? How does the certification body think that they will provide a benefit to you? These are all questions that you should ask potential certification bodies when you are choosing the right one for you.

8) Use the OH&S management system and keep records: As you proceed, what do the OH&S records tell you about your processes? Are they working well, or do you need to modify anything through your corrective action process? Do your employees understand what they need to do, as written in the records, or is there further training needed in some areas? Do you see areas for improvement in your processes, and if so, how can you profit from this? Find out from your certification body how long they need this period to be before they consider the management system mature enough to audit.

9) Do your internal audits: Your internal audits are the tools you use to check each of your processes, so what are they telling you? Are your records adequate to show the process is working? Are there any problems that you need to fix with your corrective action process? Do some areas need more frequent audits?

10) Do a management review: Is your OH&S management system functioning as expected by the senior management plan? Is it properly implemented and effective? Are improvements being made, and are adequate resources being supplied to the effort? You will only know this by having management review, the output of your management system.

11) Corrective actions: Are there problems in your OH&S management system you will need to fix? Did you find these in your process measurements, internal audits, or management review? Have you included OH&S incident investigation in your corrective action system? Use your corrective action process to find the root cause of the problem and address this cause with a corrective action.

12) Certification audits: When you are ready, your certification body will send in people to compare your OH&S management system plans, processes, and procedures against the necessary requirements of ISO 45001. Were there any gaps found, and did the auditor’s report highlight these? If so, you will need to correct them and gather the evidence showing that they were addressed. Then, when your system is mature enough, your certification body will conduct the main audit to compare your records to your plans and the ISO 45001 requirements. Did you address any nonconformances in your process data, internal audits, or management reviews? After several days the audit team will issue a report with their findings, including any corrective actions needed. When they are satisfied that your management system addresses the needs of the ISO 458001 requirements, they will issue a recommendation for certification.

Make a plan to meet your goals

Make sure you take the time to create a good plan for implementing your OH&S management system to ensure adequate resources are applied from the start. Having this plan will help make sure your implementation will run smoothly, and help prevent waste of time and resources when they are not needed.

For a graphical representation of the process, check out this Diagram of ISO 45001 Implementation Process.

Advisera Mark Hammar
Mark Hammar
Mark Hammar is a Certified Manager of Quality / Organizational Excellence through the American Society for Quality and has been a Quality Professional since 1994. Mark has experience in auditing, improving processes, and writing procedures for Quality, Environmental, and Occupational Health & Safety Management Systems, and is certified as a Lead Auditor for ISO 9001, AS9100, and ISO 14001.