The basics of ISO 45001 hazards, risks, and opportunities

In the Occupational Health & Safety Management System (OHSMS) requirements, ISO 45001:2018 asks that you identify risks, opportunities, and hazards in order to plan for them, but these requirements in clause 6.1 can be confusing, to say the least. This article intends to provide the basics of what the standard requires.

Explanation of ISO 45001 Hazards, Risks, and Opportunities
  • Hazards identification: look at each of your processes and identify the threats present.
  • Risk assessment: identify the OH&S risks and other risks that are directly associated with your hazards.
  • Opportunities assessment: identify OH&S opportunities and other opportunities directly related to enhancing your OH&S performance.
  • Planning: plan actions to address both types of risks and opportunities, as well as legal and other requirements, and to plan for emergencies that were identified.

What is hazard identification?

ISO 45001 starts with some general information in clause 6.1.1 on considering your internal and external issues, relevant interested parties, and the scope of your OH&S management system during this risk assessment process. Next, clause requires the identification of hazards in the management system. What this entails is for you to look at each of your processes and identify the threats that are present that could cause injury or ill health in your workers. Considerations include not only the routine activities that you do, but also emergencies that could occur, planned changes, non-routine activities such as maintenance, and human factors that pose a danger in the process. Once you have identified all of your hazards, you then proceed to the next step for assessment of risks.

You can learn more on the hazard identification process in the article: How to identify and classify OH&S hazards.

What are risk and opportunity in ISO 45001?

After the assessment of your hazards, clause asks that you identify the OH&S risks and other risks for the health and safety management system. The OH&S risks are the risks that are directly associated with your hazards—for instance, one hazard of a machine with a sharp corner is that a person may cut themselves. Along with these OH&S risks, you also identify other risks that could affect your management system, but that are not directly linked to hazards—for instance, if a supplier is stopping production of a safe cleaning chemical and you need to identify a new replacement chemical.

Next, clause requires that you identify OH&S opportunities and other opportunities for the OH&S management system. OH&S opportunities are those directly related to enhancing your OH&S performance, such as adapting the way work is done to prevent injury, or eliminating hazards in the workplace. Other opportunities are those top-level prospects that can affect the overall system, but that are not directly related to hazards, such as identifying a new technology that can improve workplace safety or a supplier developing a safer material to replace one you currently use.

For a more thorough discussion on the distinction between hazard and risk in ISO 45001, see this article: Hazards vs. risks – What is the difference according to DIS/ISO 45001?

How do you identify risks and opportunities?

OH&S risks and OH&S opportunities as defined above are identified by assessing your identified hazards and determining what threats are posed by them, or if anything can be done to change your work to make it safer. A team of people who understand the process in question, and the hazards that are present in the process, can identify the negative outcomes that could happen and the opportunities for positive change to make the process safer.

Other risks and opportunities for the OHSMS, however, are typically identified in top management strategic planning activities. It is at this level that larger-scale threats and proposed changes can be better assessed. Many companies will use a tool called a SWOT analysis, which looks at strengths, weaknesses, opportunities, and threats that can affect the organization so that these can be systematically reviewed, and a decision made if action is needed.

For more information on how the SWOT analysis works in the OHSMS, see this article: Benefits of SWOT analysis in ISO 45001.

What are the typical risks and opportunities to address in an OHSMS?

Risk assessment will be different at different companies. Typical OH&S risks and opportunities will differ from company to company depending on which hazards are present. While many companies will have hazards such as items to trip over, sharp corners, or pinch points on machinery, other hazards such as those presented by chemicals will have very different risks from one company to another depending on what chemical is used.

Other risks and opportunities for the OH&S management system will also be unique to each organization, but there are some typical points of origin for these types of risks and opportunities. Changes in suppliers’ products, new or changing technology, or shifting of knowledge about processes and hazards are some of the typical sources of other risks and opportunities.

Bringing it all together in Planning

Once everything above is completed, and you identify any legal requirements and other requirements that are applicable to your OHSMS as per clause 6.1.3, the final step is to take planning actions to address what you have identified. Clause 6.1.4 necessitates that you plan actions to address both types of risks and opportunities mentioned above, as well as legal and other requirements, and to plan for emergencies that were identified during this process.

Explanation of ISO 45001 hazards, risks, and opportunities

These plans to address hazards, risks, and opportunities are intended to be integrated into the OHSMS processes, and to take into account the hierarchy of controls that might be used to contain these risks (for more on this hierarchy, see the article: 5 levels of hazard controls in ISO 45001 and how they should be applied). This planning may even identify OH&S objectives that you might put in place for improvement in your organization.

Simplify your hazard, risk, and opportunity assessments

While the requirements of clause 6.1 may seem confusing, if you walk through the activities in the order from hazard to risk, and then opportunity, it can be much simpler. Finally, remember that the Planning clause applies to everything that comes before it in the standard; this will make it easier to ensure that your planning addresses everything necessary to help you improve your OH&S performance.

For a better understanding of the risk assessment process in ISO 45001, download this free white paper: Diagram of the ISO 45001 Risk Management Process.

Advisera Mark Hammar
Mark Hammar
Mark Hammar is a Certified Manager of Quality / Organizational Excellence through the American Society for Quality and has been a Quality Professional since 1994. Mark has experience in auditing, improving processes, and writing procedures for Quality, Environmental, and Occupational Health & Safety Management Systems, and is certified as a Lead Auditor for ISO 9001, AS9100, and ISO 14001.