How long should it take to implement ISO 45001?

If you are familiar with working for an organization that has an ISO 45001:2018-certified OHSMS (Operational Health and Safety Management System), you will be aware of the value that such a system brings to the organization in terms of accident prevention and promotion of employee well-being. However, significant amounts of planning, resources, and time normally go into the establishment of such a system, and in my experience there can be many different opinions held when it comes to the question of how long it should take to implement ISO 45001. So, given that this is one of the natural questions for top management to ask when considering ISO 45001 for a business, what is the truth and what elements do we need to consider when planning for a certified OHSMS?

The key considerations

It is clear that any organization will have some key considerations when planning the establishment of an OHSMS that meets ISO 45001 requirements, as the amount of resources, knowledge, and expertise available to you will obviously have a huge impact on how quickly your implementation can be done. So, what questions should an organization be asking when embarking on such a project?

  • What is your organization’s core business? It is easy to imagine that an ISO 45001 implementation could take place significantly more quickly in a small IT company employing five people, then in a construction company employing the same headcount, due to the nature of the business and the inherent hazards and risks in construction.
  • How big is your organization, and how many sites do you have? When hazard and risk have to be assessed, consultation undertaken, and action raised to mitigate all of these, it is clear that these tasks become bigger when the headcount and number of sites increase. This will therefore have an effect on an organization’s expertise, knowledge, and resources, accordingly.
  • Does your organization have the knowledge, expertise, and resources to implement ISO 45001? This is a critical element when assessing how quickly an implementation can be done. Does your organization have the knowledge to implement and project manage an ISO 45001 OHSMS from start to end, meeting all the terms of the standard and ensuring that top management commitment is harnessed to ensure that health and safety is a top priority within the work place?

The above considerations come within the parameters of the “context of the organization” discussions that top management should consider, and which you may be familiar with if you have used the ISO 9001 and ISO 14001 standards for quality and environmental management in your organization. With an ISO 45001 implementation, management commitment and consultation with the workforce are critical factors, and these can not only increase your chances of success, but also limit the implementation period. Therefore, it quickly becomes clear that having top management commitment as an example to your workforce can be a critical factor in achieving a successful and timely ISO 45001 implementation. So, what is the next step?

How long?

In an organization of 20 people or fewer, an ISO 45001 implementation may be possible in around six months, depending on the focus, knowledge, expertise, and resources available. For larger organizations, a year may be required, although as mentioned above this can be dependent on other factors. It may be easier to implement an ISO 45001 OHSMS in a call center with 100 employees than an engineering plant with a headcount of 20, due to the nature of the business, for example. What is clear, however, is that your OHSMS will not be considered ready for audit without the following elements being in place:

  • Evidence of a management review or similar management meeting where policies, strategies, and objectives are decided. The article How to perform management review in ISO 45001 can assist you with this.
  • Evidence of an OH&S Policy and resulting clarification of responsibilities, resources, authority, and so forth.
  • Evidence of internal audit. The article How to perform internal audits in ISO 45001 can assist you with this process.
  • Evidence of processes to identify and control hazard and risk and deal with the outcomes in a manner that addresses root cause and prevents reoccurrence.
  • Processes and documentation that support all other sections of the standard itself.

So, while we can see that the ISO 45001-certified OHSMS is less based on external issues, such as customer feedback, than its ISO 9001 Quality Management equivalent, it is clear that some basic elements need to be completed and evidence must exist that this work has been undertaken before your OHSMS can be considered ready for audit.

Can we do it more quickly?

This is almost certainly a question that top management will ask the project manager when it comes to a project like ISO 45001 implementation. Obviously, hiring extra resources and having more expertise can help your organization implement ISO 45001 more quickly, but as we have examined above there are no real shortcuts when it comes to implementing the basic processes that support ISO 45001. It is wise to remember that compromising the terms of the standard can also compromise the safety of your workforce, and that goes against the reason that the standard itself exists. Ensure your OHSMS meets the individual elements of the standard, and ensure that your documentation is sufficient to record the details that the standard requires.

Above all, ensure that your hazard identification and risk assessment processes are effective in identifying and mitigating risk, as this is the primary reason that ISO 45001 exists. All organizations want a quick implementation, but you will do well to ensure that this is not at the cost of the ultimate effectiveness of the OHSMS itself.

Why not use our free  ISO 45001 Gap Analysis Tool to measure the gap between your current health & safety practices and the ISO 45001 standard?

Advisera John Nolan
John Nolan
John Nolan is a Fellow of the Institute of Leaders and Managers in the United Kingdom, and Prince 2 accredited with a background in Engineering and Electronics and Data Storage and Transfer. Having studied and qualified as both a Mechanical and Electronic Engineer, he has spent the last 15 years designing and delivering Quality Systems and projects across many sectors in the UK, including both national and local government.