Show me desktop version
CALL US 1-888-553-2256

ISO 45001 Blog

Mark Hammar

12 Steps for implementation and certification against OHSAS 18001

Implementing and gaining certification for an Occupational Health & Safety Management System (OH&SMS) can be tricky,  and you might become quickly overwhelmed by the many requirements of the OHSAS 18001 standard. To help make this easier to understand, the following 12 steps detail some important questions to ask about essential elements of your system.

Implementation steps


1) Get the support of management: How will you get critical management support – talk to individuals separately, or in a joint meeting? To help with your sales pitch, take a look at this article on Benefits of OHSAS 18001 for your business and this Project proposal for OHSAS 18001 Implementation.

2) Know your legal requirements: Do you have health & safety laws for your industry? Have you looked at the regional, state, national, and international level? Section 4.3.2 of OHSAS 18001 outlines the requirements for knowing and maintaining your compliance so that your implementation will succeed.

3) Define the scope of your OH&SMS: Is your OH&SMS applicable to your entire company, or just one location of a multi-location company? This will be critical for writing your OH&S Policy and objectives and targets that guide your OH&SMS.

4) Define the processes and procedures: What processes and procedures need to be defined to control the OH&S hazards within your company? How will you identify all of your hazards, and the risks associated with them, so that you can ensure the proper controls will be in place? What risk assessment do you need to do? What operational controls and emergency preparedness procedures do you need? What will you write down, and what can be controlled through proper training and awareness? For some guidance, check out this white paper: Checklist of Mandatory Documentation Required by OHSAS 18001:2007.

5) Implement the OH&S processes and procedures: What do you need to do to put into place all of the processes and procedures from Step 4? What sort of hierarchy of controls and procedures do you need? Do you need to work closely with some individuals in your organization to achieve success? How will you roll out the additional responsibilities that some employees will now have?

6) Train your employees and make them aware: How will you make your employees aware of what OHSAS 18001 is, and why you are implementing it? Will you have training sessions in department meetings, or will managers train the employees? Who needs to be trained on any changes you have made to the processes? It is important that everyone know how they fit into the OH&SMS structure.

7) Choose your certification body: It is important to choose a certification body suitable for your company to get the most benefit, so how will you do this? Do the auditors know about your industry and the hazards and risks associated with it? What other organizations has the company certified, and what was their level of satisfaction? How does the certification body think that they will provide a benefit to you? These are all questions that you should ask potential certification bodies when you are choosing the right one for you.

8) Use the OH&SMS and keep records: As you proceed, what do the OH&S records tell you about your processes? Are they working well, or do you need to modify anything through your corrective action process? Do your employees understand what they need to do, as written in the records, or is there further training needed in some areas? Do you see areas for improvement in your processes, and if so, how can you profit from this? Find out from your certification body how long they need this period to be before they consider the management system mature enough to audit.

9) Do your internal audits: Your internal audits are the tools you use to check each of your processes, so what are they telling you? Are your records adequate to show the process is working? Are there any problems that you need to fix with your corrective action process? Do some areas need more frequent audits?

10) Do a management review: Is your OH&SMS functioning as expected by the senior management plan? Is it properly implemented and effective? Are improvements being made, and are adequate resources being supplied to the effort? You will only know this by having management review the output of your management system.

11) Corrective actions: Are there problems in your OH&SMS system you will need to fix? Did you find these in your process measurements, internal audits, or management review? Have you included OH&S incident investigation in your corrective action system? Use your corrective action process to find the root cause of the problem and address this cause with a corrective action.

12) Certification audits: When you are ready, your certification body will send in people to compare your OH&SMS plans, processes, and procedures against the necessary requirements of OHSAS 18001. Were there any gaps found, and did the auditor’s report highlight these? If so, you will need to correct them and gather the evidence showing that they were addressed. Then, when your system is mature enough, your certification body will conduct the main audit to compare your records to your plans and the OHSAS 18001 requirements. Did you address any nonconformances in your process data, internal audits, or management reviews? After several days the audit team will issue a report with their findings, including any corrective actions needed. When they are satisfied that your management system addresses the needs of the OHSAS 18001 requirements, they will issue a recommendation for certification.

Make a plan to meet your goals

Make sure you take the time to create a good plan for implementing your OH&SMS to ensure adequate resources are applied from the start. Having this plan will help make sure your implementation will run smoothly, and help prevent waste of time and resources when they are not needed.

For a graphical representation of the process, check out this  Diagram of OHSAS 18001:2007 Implementation Process.

If you enjoyed this article, subscribe for updates

Improve your knowledge with our free resources on ISO 45001 standard.

100% privacy respected. Unsubscribe at any time with a single click.



  • Advisera is Exemplar Global Certified TPECS Provider for the IS, QM, EM and AU Competency Units.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.
Request callback
Request callback

Or call us directly

International calls
+1 (646) 759 9933">+1 (646) 759 9933