Professional Documents
Culture Documents
Implementation Guidance
for migrating from
OHSAS 18001:2007 to ISO 45001:2018
CONTENTS
1.0 INTRODUCTION
1 Version: Rev 1
1. INTRODUCTION
This Implementation Guidance has been developed to assist users in understanding the issues
that need to be considered when moving towards using ISO 45001.
The development of ISO 45001 introduces a new 10 clause structure, several new requirements
and new terms. Users will need to plan how to incorporate these changes into their occupational
health and safety management system (OHSMS).
Additional information and guidance from ISO and its Project Committee 283 (ISO/PC 283) on
ISO 45001 can be found on its web site at: https://committee.iso.org/pc283
a) The demands from users for the requirements of management system standards to be better
aligned, to enable “integration” into their organization’s management systems.
This led to the development by ISO of a “High Level Structure” (often referred to as “Annex
SL”) which provides a common clause sequence (structure), text, terms and definitions for its
management system standards. This “High Level Structure” has been applied during the
development of ISO 45001.
b) The OHSAS Project Group’s 2011 Survey of standards and certificates, which showed there
are now more than 90000 certificates issued in 127 countries and the need for an ISO
International Standard for this discipline.
The Justification Study identified that ISO 45001 would need to:
1) enable organizations to provide safe and healthy working environments
2) be generic and relevant to all types and sizes of organizations, operating in any sector, and be
able to accommodate diverse geographical, cultural and social conditions.
3) be capable of being applied to the widest possible range of organizations with varying
degrees of maturity of their OHSMS
4) specify the essential components of an OHSMS
5) enable organizations to demonstrate conformity to the requirements
6) enable organizations to identity, assess and control their OH&S risks and improve their OH&S
performance
7) align with other management system standards (in particular ISO 14001 for environmental
management systems).
2 Version: Rev 1
The expected benefits identified for ISO 45001:2018 include:
I. Provides clarity on OHSMS issues
II. Enhanced leadership involvement and worker participation in the OHSMS
III. Risk-based thinking for the OHSMS, as well as for OH&S risks
IV. Alignment of the OH&S policy and objectives with the strategic direction of the organization
V. Integration of the OHSMS into the business processes of the organization
VI. Simplified language, common structure and terms
3. USER GROUPS
b) New Users
A New User is defined as an organisation that is either beginning to use OHSAS 18001 or ISO
45001:2018 for the first time, or is a potential user of the standards in the future.
4. IMPLEMENTATION GUIDANCE
All users groups are strongly advised to note the IAF’s Mandatory Document IAF MD 21:
Requirements on the Migration to ISO 45001:2018 from OHSAS 18001:2007 (see:
http://www.iaf.nu/upFiles/IAFMD21MigrationtoISO450012018Pub.pdf) for implementation
of accredited certification to ISO 45001:2018, which details the agreed implementation plan
for accredited certification, as follows:
a) Accredited certification to ISO 45001:2018 shall not be granted until the publication of ISO
45001:2018 as an International Standard.
3 Version: Rev 1
b) Validity of certifications to OHSAS 18001:2007
OHSAS 18001:2007 certifications will not be valid after three years from publication of ISO
45001:2018.
The expiry date of certifications to OHSAS 18001:2007 issued during the migration period
needs to correspond to the end of the three year migration period.
OHSAS 18001:2007
Key
Preparation Commencement/ End
continuation
Figure 1 - Implementation timetable for ISO 45001:2018, for all user groups
To benefit from the changes introduced into ISO 45001:2018, users (from all user groups) should
note the recommendations given below. Recommendations for specific user groups are given in
section 4.2 further down.
1) To get acquainted with the new edition of the standard use the following resources:
Guidance available at https://committee.iso.org/pc283
The correspondence matrices between OHSAS 18001:2008 and ISO 45001:2018,
which provides a before and after view of the clauses (see Annex A below)
2) Determine the impact of the changes of the new version on your current use of OHSAS
18001 and plan any necessary remedial actions.
a) Current users
Organisations that are already certified to OHSAS 18001:2007 should contact their
certification/registration bodies (CB/RB) to agree a program for analysing the clarifications in ISO
45001:2018 in relation to their individual OHSMS and for upgrading their certificates.
4 Version: Rev 1
Certified organizations should bear in mind that OHSAS 18001:2007 certificates have the same
status as new ISO 45001:2018 certificates during the co-existence period.
Organizations in the process of certification to OHSAS 18001:2008 should change to using ISO
45001:2018 and apply for certification to it (however, if your organization is nearing completion
of its certification process, then it may be preferable for your organization to complete its
certification to OHSAS 18001, and then look at converting to using ISO 45001).
b) New users
New users should start by using ISO 45001:2018.
Note: Unaccredited certifications do not have the same status as accredited certifications, and
organizations with unaccredited OHSAS 18001 certifications may require additional audit time in
order to achieve accredited certification to ISO 45001.
Information regarding ISO 45001 should be communicated to potential users by the national
standards bodies (NSBs), in a timely manner. It is recommended that NSB actions be
synchronized with the information flows from ISO, ISO/PC 283, the OHSAS Project Group and the
IAF.
NSBs may find they are responsible, at a national level, for communicating the issues regarding
the changes from OHSAS 18001:2007 to ISO 45001 to all interested parties. It is recommended
that they coordinate their communications regarding these issues with other local interested
parties (for example: ABs, CB/RBs, professional OH&S associations, etc.).
Translation Issues – Where NSBs need to provide translations of the standard into their own
national languages, it is recommended that they start this as early as possible.
ABs should refer to the IAF’s Mandatory Document IAF MD 21: Requirements on the Migration to
ISO 45001:2018 from OHSAS 18001:2007 for the implementation of accredited certification to
ISO 45001:2018 (see 4.1 above).
AB’s should be reminded that they can only grant accreditation for certification to ISO
45001:2018 after the official publication of the standard.
AB’s should train their assessors and verify their competence to assess CB’s providing ISO
45001:2018 certifications.
5 Version: Rev 1
4.2.4 Certification Bodies
CBs should refer to the IAF’s Mandatory Document IAF MD 21: Requirements on the Migration to
ISO 45001:2018 from OHSAS 18001:2007 for the implementation of accredited certification to
ISO 45001:2018 (see 4.1 above).
CBs should remember that certificates of conformity to ISO 45001:2018 and/or its national
equivalent adoptions can only be issued after the official publication of the standard.
Prior to allowing their auditors to conduct audits against ISO 45001, it is important that
accredited certification bodies ensure that their auditors are aware of:
the changes introduced in ISO 45001:2018 compared to OHSAS 18001, and their
implications
the requirements of ISO/IEC TS 17021-10 Conformity assessment -- Requirements for
bodies providing audit and certification of management systems -- Part 10: Competence
requirements for auditing and certification of occupational health and safety
management systems (The TS is due to be published concurrently with ISO 45001)
It is also important that other CB personnel (for example, those making certification decisions)
are aware of the changes in ISO 45001:2018 compared to OHSAS 18001, and their implications.
All trainers and consultants should be aware of the changes introduced by ISO 45001:2018. All
training bodies and consultants are recommended to determine the need for updating training
programs and documentation, or any other changes necessary, to the services they provide.
Where legislative or regulatory bodies have referenced or adopted OHSAS 18001 in their
legislation or regulations or other communications, they should review ISO 45001 to determine if
it is acceptable as an alternative. In the longer term, the legislation/regulations/ communications
may need to be updated to reference or adopt ISO 45001. Until such updating occurs, it is
recommended that the legislative or regulatory bodies should issue a communique to advise that
they will accept ISO 45001 in place of OHSAS 18001.
It is expected that the FAQs will be updated on a more regular basis than this Implementation
Guidance. For the latest version of the FAQs, reference should be made to the open access web
site at https://committee.iso.org/pc283
6 Version: Rev 1
6.0 AUTHENTICITY OF INFORMATION REGARDING ISO 45001:2018
The first point of contact for information regarding the requirements of ISO 45001:2018 should
be your National Standards Body (for a listing of ISO’s member National Standards Bodies, see
www.iso.org/members.htm).
• ISO’s web site www.iso.org provides general information regarding the ISO 45001:2018
development programme (as well as details of its member National Standards Bodies).
7 Version: Rev 1
Annex A
Users should note that there will not be full correspondence between the requirements of the
two standards on an equivalent topic, and that the following tables are an approximation only.
8 Version: Rev 1
Competence 7.2 4.4.2 Competence, training and awareness
Awareness 7.3 4.4.2 Competence, training and awareness
Communication 7.4 4.4.3.1 Communication
General 7.4.1 4.4.3.1 Communication
Internal communication 7.4.2 4.4.3.1 Communication
External communication 7.4.3 4.4.3.1 Communication
Documented information (title only) 7.5 4.4.4 Documentation
4.5.4 Control of records
General 7.5.1 4.4.4 Documentation
4.5.4 Control of records
Creating and updating 7.5.2 4.4.5 Control of documents
4.5.4 Control of records
Control of documented information 7.5.3 4.4.5 Control of documents
4.5.4 Control of records
Operation (title only) 8 4.4 Implementation and operation (title only)
Operational planning and control (title 8.1 4.4.6 Operational control
only)
General 8.1.1 4.4.6 Operational control
Eliminating hazards and reducing OH&S 8.1.2 4.3.1 Hazard identification, risk assessment and
risks determining controls
4.4.6 Operational control
Management of change 8.1.3 4.3.1 Hazard identification, risk assessment and
determining controls
4.4.6 Operational control
Procurement (title only) 8.1.4 4.4.6 Operational control
General 8.1.4.1 4.4.6 Operational control
Contractors 8.1.4.2 4.3.1 Hazard identification, risk assessment and
determining controls
4.4.3.1 Communication
4.4.3.2 Participation and consultation
4.4.6 Operational control
Outsourcing 8.1.4.3 4.3.2 Legal and other requirements
4.4.3.1 Communication
4.4.6 Operational control
Emergency preparedness and response 8.2 4.4.7 Emergency preparedness and response
Performance evaluation (title only) 9 4.5 Checking (title only)
Monitoring, measurement, analysis and 9.1 4.5.1 Performance measurement and
performance evaluation (title only) monitoring
General 9.1.1 4.5.1 Performance measurement and
monitoring
Evaluation of compliance 9.1.2 4.5.2 Evaluation of compliance
Internal audit (title only) 9.2 4.5.5 Internal audit
General 9.2.1 4.5.5 Internal audit
Internal audit programme 9.2.2 4.5.5 Internal audit
Management review 9.3 4.6 Management review
Improvement (title only) 10 4.6 Management review
General 10.1 4.6 Management review
Incident, nonconformity and corrective 10.2 4.5.3 Incident investigation, nonconformity,
action corrective action and preventive action
(title only)
4.5.3.1 Incident investigation
4.5.3.2 Nonconformity, corrective action and
preventive action
Continual improvement 10.3 4.2 OH&S Policy
4.3.3 Objectives and programme(s)
4.6 Management review
9 Version: Rev 1
Table A.2 - Correspondence between OHSAS 18001:2007 and ISO 45001
OHSAS 18001:2007 ISO 45001
Management system 4 4.4 OH&S management system
General requirements 4.1 4.3 Determining the scope of the OH&S
management system
4.4 OH&S management system
OH&S policy 4.2 5.2 OH&S Policy
10.3 Continual improvement
Planning (title only) 4.3 6 Planning (title only)
Hazard identification, risk assessment 4.3.1 6.1 Actions to address risks and
and determining controls opportunities (title only)
6.1.2 Hazard identification and assessment of
risks and opportunities (title only)
6.1.2.1 Hazard identification
6.1.2.2 Assessment of OH&S risks and other
risks to the OH&S management
system
8.1.2 Eliminating hazards and reducing OH&S
risks
8.1.3 Management of change
8.1.4.2 Contractors
Legal and other requirements 4.3.2 6.1.3 Determination of legal requirements
and other requirements
8.1.4.3 Outsourcing
Objectives and programme(s) 4.3.3 6.2 OH&S objectives and planning to
achieve them (title only)
6.2.1 OH&S objectives
6.2.2 Planning to achieve OH&S objectives
10.3 Continual improvement
Implementation and operation (title 4.4 7 Support (title only)
only) 8 Operation (title only)
Resources, roles, responsibility, 4.4.1 5.1 Leadership and commitment
accountability and authority 5.3 Organizational roles, responsibilities
and authorities
7.1 Resources
Competence, training and awareness 4.4.2 7.2 Competence
7.3 Awareness
Communication, participation and 4.4.3 5 Leadership and worker participation
consultation (title only) (title only)
Communication 4.4.3.1 7.4 Communication
7.4.1 General
7.4.2 Internal communication
7.4.3 External communication
8.1.4.2 Contractors
8.1.4.3 Outsourcing
Participation and consultation 4.4.3.2 4.2 Understanding the needs and
expectations of workers and other
interested parties
5.4 Consultation and participation of
workers
8.1.4.2 Contractors
Documentation 4.4.4 7.5 Documented information (title only)
7.5.1 General
Control of documents 4.4.5 7.5.2 Creating and updating
7.5.3 Control of documented information
10 Version: Rev 1
Operational Control 4.4.6 6.1.1 General
6.1.4 Planning action
8.1 Operational planning and control (title
only)
8.1.1 General
8.1.2 Eliminating hazards and reducing OH&S
risks
8.1.3 Management of change
8.1.4 Procurement (title only)
8.1.4.1 General
8.1.4.2 Contractors
8.1.4.3 Outsourcing
Emergency preparedness and response 4.4.7 8.2 Emergency preparedness and response
Checking (title only) 4.5 9 Performance evaluation (title only)
Performance measurement and 4.5.1 9.1 Monitoring, measurement, analysis and
monitoring performance evaluation (title only)
9.1.1 General
Evaluation of compliance 4.5.2 9.1.2 Evaluation of compliance
Incident investigation, nonconformity, 4.5.3 10.2 Incident, nonconformity and corrective
corrective action and preventive action
action (title only)
Incident investigation 4.5.3.1 10.2 Incident, nonconformity and corrective
action
Nonconformity, corrective action and 4.5.3.2 10.2 Incident, nonconformity and corrective
preventive action action
Control of records 4.5.4 7.5 Documented information (title only)
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information
Internal audit 4.5.5 9.2 Internal audit (title only)
9.2.1 General
9.2.2 Internal audit programme
Management review 4.6 4 Context of the organization (title only)
Understanding the organization and its
4.1 context
Understanding the needs and
4.2 expectations of workers and other
interested parties
9.3 Management review
10 Improvement (title only)
10.1 General
10.3 Continual improvement
11 Version: Rev 1