OHSAS Project Group

Implementation Guidance
for migrating from
OHSAS 18001:2007 to ISO 45001:2018

CONTENTS

1.0 INTRODUCTION

2.0 BACKGROUND ON ISO 45001 DEVELOPMENT PROCESS

3.0 USER GROUPS

4.0 IMPLEMENTATION GUIDANCE

4.1 GENERIC GUIDANCE

4.2 SPECIFIC GUIDANCE TO USER GROUPS

5.0 FREQUENTLY ASKED QUESTIONS

6.0 AUTHENTICITY OF INFORMATION REGARDING ISO 45001

1 Version: Rev 1
1. INTRODUCTION

This Implementation Guidance has been developed to assist users in understanding the issues
that need to be considered when moving towards using ISO 45001.

A wide diffusion of this implementation guidance is recommended, in particular the comparison

tables between OHSAS 18001:2007 and ISO 45001:2018. These show the correspondence
between the clauses of the standards and can be found in Annex A at the end of this paper.

The development of ISO 45001 introduces a new 10 clause structure, several new requirements
and new terms. Users will need to plan how to incorporate these changes into their occupational
health and safety management system (OHSMS).

Additional information and guidance from ISO and its Project Committee 283 (ISO/PC 283) on
ISO 45001 can be found on its web site at: https://committee.iso.org/pc283

2. BACKGROUND TO THE ISO 45001 DEVELOPMENT PROCESS

Prior to the development of a management system standard in ISO, a “Justification Study” is

prepared to present a case for the proposed project. In relation to the development of ISO 45001
user needs were identified from the following:

a) The demands from users for the requirements of management system standards to be better
aligned, to enable “integration” into their organization’s management systems.

This led to the development by ISO of a “High Level Structure” (often referred to as “Annex
SL”) which provides a common clause sequence (structure), text, terms and definitions for its
management system standards. This “High Level Structure” has been applied during the
development of ISO 45001.

b) The OHSAS Project Group’s 2011 Survey of standards and certificates, which showed there
are now more than 90000 certificates issued in 127 countries and the need for an ISO
International Standard for this discipline.

The Justification Study identified that ISO 45001 would need to:
1) enable organizations to provide safe and healthy working environments
2) be generic and relevant to all types and sizes of organizations, operating in any sector, and be
able to accommodate diverse geographical, cultural and social conditions.
3) be capable of being applied to the widest possible range of organizations with varying
degrees of maturity of their OHSMS
4) specify the essential components of an OHSMS
5) enable organizations to demonstrate conformity to the requirements
6) enable organizations to identity, assess and control their OH&S risks and improve their OH&S
performance
7) align with other management system standards (in particular ISO 14001 for environmental
management systems).

2 Version: Rev 1
The expected benefits identified for ISO 45001:2018 include:
I. Provides clarity on OHSMS issues
II. Enhanced leadership involvement and worker participation in the OHSMS
III. Risk-based thinking for the OHSMS, as well as for OH&S risks
IV. Alignment of the OH&S policy and objectives with the strategic direction of the organization
V. Integration of the OHSMS into the business processes of the organization
VI. Simplified language, common structure and terms

3. USER GROUPS

3.1 Individual organizations using OHSAS 18001

a) Current Users of OHSAS 18001

This user group is defined as having completed, or being in the process of, implementing OHSAS
18001, regardless of whether they are certified or not, or whether they intend to be certified or
not.

b) New Users
A New User is defined as an organisation that is either beginning to use OHSAS 18001 or ISO
45001:2018 for the first time, or is a potential user of the standards in the future.

3.2 Other user groups

These are defined as being:

a) National Standards Bodies (NSBs)
b) Accreditation Bodies (ABs)
c) Certification/Registration Bodies (CB/RBs)
d) Trainers and Consultants
e) Legislative or Regulatory Bodies

4. IMPLEMENTATION GUIDANCE

4.1 Generic guidance

All users groups are strongly advised to note the IAF’s Mandatory Document IAF MD 21:
Requirements on the Migration to ISO 45001:2018 from OHSAS 18001:2007 (see:
http://www.iaf.nu/upFiles/IAFMD21MigrationtoISO450012018Pub.pdf) for implementation
of accredited certification to ISO 45001:2018, which details the agreed implementation plan
for accredited certification, as follows:

a) Accredited certification to ISO 45001:2018 shall not be granted until the publication of ISO
45001:2018 as an International Standard.

Accredited certification of conformity to ISO 45001:2018 and/or national equivalents shall

only be issued after the official publication of ISO 45001:2018 (currently targeted for 1st
quarter of 2018), by an accredited certification body, and after a certification audit against
ISO 45001:2018.

3 Version: Rev 1
b) Validity of certifications to OHSAS 18001:2007

OHSAS 18001:2007 certifications will not be valid after three years from publication of ISO
45001:2018.

The expiry date of certifications to OHSAS 18001:2007 issued during the migration period
needs to correspond to the end of the three year migration period.

Timeline Dec 2017 / Jan 2018 Mar 2018 Mar 2021

3 year migration period

OHSAS 18001:2007

ISO45001:2018 FDIS ballot Publication of

International Standard
National Standards Bodies Translation Release of national standard
Accreditation Bodies Accreditation update transition Accreditation
Certification Bodies Certification update transition ISO 45001:2018 certification
Trainers
Auditor Upgrade Certification update transition
Certified Organizations Certification update transition

Key
Preparation Commencement/ End
continuation

Figure 1 - Implementation timetable for ISO 45001:2018, for all user groups

To benefit from the changes introduced into ISO 45001:2018, users (from all user groups) should
note the recommendations given below. Recommendations for specific user groups are given in
section 4.2 further down.

1) To get acquainted with the new edition of the standard use the following resources:
 Guidance available at https://committee.iso.org/pc283
 The correspondence matrices between OHSAS 18001:2008 and ISO 45001:2018,
which provides a before and after view of the clauses (see Annex A below)

2) Determine the impact of the changes of the new version on your current use of OHSAS
18001 and plan any necessary remedial actions.

3) Use the Plan-Do-Check-Act (PDCA) methodology to manage the implementation.

Note that the actions may need to vary according to your user group (see 4.2 below).

4.2 Guidance for specific user groups

These recommendations complement the generic guidance to all user groups given in section 3.0
above.

4.2.1 Organizations using OHSAS 18001:2007

a) Current users
Organisations that are already certified to OHSAS 18001:2007 should contact their
certification/registration bodies (CB/RB) to agree a program for analysing the clarifications in ISO
45001:2018 in relation to their individual OHSMS and for upgrading their certificates.
4 Version: Rev 1
Certified organizations should bear in mind that OHSAS 18001:2007 certificates have the same
status as new ISO 45001:2018 certificates during the co-existence period.

Organizations in the process of certification to OHSAS 18001:2008 should change to using ISO
45001:2018 and apply for certification to it (however, if your organization is nearing completion
of its certification process, then it may be preferable for your organization to complete its
certification to OHSAS 18001, and then look at converting to using ISO 45001).

b) New users
New users should start by using ISO 45001:2018.

Note: Unaccredited certifications do not have the same status as accredited certifications, and
organizations with unaccredited OHSAS 18001 certifications may require additional audit time in
order to achieve accredited certification to ISO 45001.

4.2.2 National Standards Bodies

Information regarding ISO 45001 should be communicated to potential users by the national
standards bodies (NSBs), in a timely manner. It is recommended that NSB actions be
synchronized with the information flows from ISO, ISO/PC 283, the OHSAS Project Group and the
IAF.

NSBs may find they are responsible, at a national level, for communicating the issues regarding
the changes from OHSAS 18001:2007 to ISO 45001 to all interested parties. It is recommended
that they coordinate their communications regarding these issues with other local interested
parties (for example: ABs, CB/RBs, professional OH&S associations, etc.).

Translation Issues – Where NSBs need to provide translations of the standard into their own
national languages, it is recommended that they start this as early as possible.

NSBs encountering any interpretation problems in the preparation of their translations of

ISO 45001 should contact the ISO/PC 283 Secretariat for assistance.

4.2.3 Accreditation Bodies

ABs should refer to the IAF’s Mandatory Document IAF MD 21: Requirements on the Migration to
ISO 45001:2018 from OHSAS 18001:2007 for the implementation of accredited certification to
ISO 45001:2018 (see 4.1 above).

AB’s should be reminded that they can only grant accreditation for certification to ISO
45001:2018 after the official publication of the standard.

AB’s should train their assessors and verify their competence to assess CB’s providing ISO
45001:2018 certifications.

5 Version: Rev 1
4.2.4 Certification Bodies

CBs should refer to the IAF’s Mandatory Document IAF MD 21: Requirements on the Migration to
ISO 45001:2018 from OHSAS 18001:2007 for the implementation of accredited certification to
ISO 45001:2018 (see 4.1 above).

CBs should remember that certificates of conformity to ISO 45001:2018 and/or its national
equivalent adoptions can only be issued after the official publication of the standard.

Prior to allowing their auditors to conduct audits against ISO 45001, it is important that
accredited certification bodies ensure that their auditors are aware of:
 the changes introduced in ISO 45001:2018 compared to OHSAS 18001, and their
implications
 the requirements of ISO/IEC TS 17021-10 Conformity assessment -- Requirements for
bodies providing audit and certification of management systems -- Part 10: Competence
requirements for auditing and certification of occupational health and safety
management systems (The TS is due to be published concurrently with ISO 45001)

It is also important that other CB personnel (for example, those making certification decisions)
are aware of the changes in ISO 45001:2018 compared to OHSAS 18001, and their implications.

4.2.5 Training Bodies and Consultants

All trainers and consultants should be aware of the changes introduced by ISO 45001:2018. All
training bodies and consultants are recommended to determine the need for updating training
programs and documentation, or any other changes necessary, to the services they provide.

4.2.6 Legislative or Regulatory Bodies

Where legislative or regulatory bodies have referenced or adopted OHSAS 18001 in their
legislation or regulations or other communications, they should review ISO 45001 to determine if
it is acceptable as an alternative. In the longer term, the legislation/regulations/ communications
may need to be updated to reference or adopt ISO 45001. Until such updating occurs, it is
recommended that the legislative or regulatory bodies should issue a communique to advise that
they will accept ISO 45001 in place of OHSAS 18001.

5.0 FREQUENTLY ASKED QUESTIONS

While this Implementation Guidance provides recommendations on a number of issues facing

the different user groups during the co-existence period, it does not address more general
questions about ISO 45001. Instead ISO/PC 283 is preparing a set of frequently asked questions
(FAQs) to provide such advice.

It is expected that the FAQs will be updated on a more regular basis than this Implementation
Guidance. For the latest version of the FAQs, reference should be made to the open access web
site at https://committee.iso.org/pc283

6 Version: Rev 1
6.0 AUTHENTICITY OF INFORMATION REGARDING ISO 45001:2018

The first point of contact for information regarding the requirements of ISO 45001:2018 should
be your National Standards Body (for a listing of ISO’s member National Standards Bodies, see
www.iso.org/members.htm).

Other recommended sources of information are:

• ISO’s web site www.iso.org provides general information regarding the ISO 45001:2018
development programme (as well as details of its member National Standards Bodies).

• ISO has a microsite dedicated to ISO 45001 at: https://spotlight.iso.org/iso45001

• The ISO/PC 283 web site, https://committee.iso.org/pc283 , provides detailed information

on the ISO 45001 development programme and is updated on a regular basis.

7 Version: Rev 1
Annex A

Correspondence between OHSAS 18001:2007 and ISO 45001

Users should note that there will not be full correspondence between the requirements of the
two standards on an equivalent topic, and that the following tables are an approximation only.

Table A.1 - Correspondence between ISO 45001 and OHSAS 18001:2007

ISO 45001 OHSAS 18001:2007
Context of the organization (title only) 4 - New requirement
[see also 4.6 h) in Management review]
Understanding the organization and its 4.1 - New requirement
context [see also 4.6 h) in Management review]
Understanding the needs and 4.2 4.4.3.2 Participation and consultation (in part)
expectations of workers and other [see also 4.6 b) and c) in Management
interested parties review]
Determining the scope of the OH&S 4.3 4.1 General requirements (in part)
management system
OH&S management system 4.4 4 Management system
4.1 General requirements
Leadership and worker participation 5 4.4.3 Communication, participation and
(title only) consultation (title only)
Leadership and commitment 5.1 4.4.1 Resources, roles, responsibility,
accountability and authority
OH&S Policy 5.2 4.2 OH&S policy
Organizational roles, responsibilities 5.3 4.4.1 Resources, roles, responsibility,
and authorities accountability and authority
Consultation and participation of 5.4 4.4.3.2 Participation and consultation
workers
Planning (title only) 6 4.3 Planning (title only)
Actions to address risks and 6.1 4.1 General requirements
opportunities (title only) 4.3.1 Hazard identification, risk assessment and
determining controls
General 6.1.1 4.4.6 Operational Control
Hazard identification and assessment 6.1.2 4.3.1 Hazard identification, risk assessment and
of risks and opportunities (title determining controls
only)
Hazard identification 6.1.2.1 4.3.1 Hazard identification, risk assessment and
determining controls
Assessment of OH&S risks and other 6.1.2.2 4.3.1 Hazard identification, risk assessment and
risks to the OH&S management determining controls
system
Identification of OH&S opportunities 6.1.2.3 - New Requirement
and other opportunities to the
OH&S management system
Determination of legal requirements 6.1.3 4.3.2 Legal and other requirements
and other requirements
Planning action 6.1.4 4.4.6 Operational Control
OH&S objectives and planning to 6.2 4.3.3 Objectives and programme(s)
achieve them (title only)
OH&S objectives 6.2.1 4.3.3 Objectives and programme(s)
Planning to achieve OH&S objectives 6.2.2 4.3.3 Objectives and programme(s)
Support (title only) 7 4.4 Implementation and operation (title only)
Resources 7.1 4.4.1 Resources, roles, responsibility,
accountability and authority

8 Version: Rev 1
Competence 7.2 4.4.2 Competence, training and awareness
Awareness 7.3 4.4.2 Competence, training and awareness
Communication 7.4 4.4.3.1 Communication
General 7.4.1 4.4.3.1 Communication
Internal communication 7.4.2 4.4.3.1 Communication
External communication 7.4.3 4.4.3.1 Communication
Documented information (title only) 7.5 4.4.4 Documentation
4.5.4 Control of records
General 7.5.1 4.4.4 Documentation
4.5.4 Control of records
Creating and updating 7.5.2 4.4.5 Control of documents
4.5.4 Control of records
Control of documented information 7.5.3 4.4.5 Control of documents
4.5.4 Control of records
Operation (title only) 8 4.4 Implementation and operation (title only)
Operational planning and control (title 8.1 4.4.6 Operational control
only)
General 8.1.1 4.4.6 Operational control
Eliminating hazards and reducing OH&S 8.1.2 4.3.1 Hazard identification, risk assessment and
risks determining controls
4.4.6 Operational control
Management of change 8.1.3 4.3.1 Hazard identification, risk assessment and
determining controls
4.4.6 Operational control
Procurement (title only) 8.1.4 4.4.6 Operational control
General 8.1.4.1 4.4.6 Operational control
Contractors 8.1.4.2 4.3.1 Hazard identification, risk assessment and
determining controls
4.4.3.1 Communication
4.4.3.2 Participation and consultation
4.4.6 Operational control
Outsourcing 8.1.4.3 4.3.2 Legal and other requirements
4.4.3.1 Communication
4.4.6 Operational control
Emergency preparedness and response 8.2 4.4.7 Emergency preparedness and response
Performance evaluation (title only) 9 4.5 Checking (title only)
Monitoring, measurement, analysis and 9.1 4.5.1 Performance measurement and
performance evaluation (title only) monitoring
General 9.1.1 4.5.1 Performance measurement and
monitoring
Evaluation of compliance 9.1.2 4.5.2 Evaluation of compliance
Internal audit (title only) 9.2 4.5.5 Internal audit
General 9.2.1 4.5.5 Internal audit
Internal audit programme 9.2.2 4.5.5 Internal audit
Management review 9.3 4.6 Management review
Improvement (title only) 10 4.6 Management review
General 10.1 4.6 Management review
Incident, nonconformity and corrective 10.2 4.5.3 Incident investigation, nonconformity,
action corrective action and preventive action
(title only)
4.5.3.1 Incident investigation
4.5.3.2 Nonconformity, corrective action and
preventive action
Continual improvement 10.3 4.2 OH&S Policy
4.3.3 Objectives and programme(s)
4.6 Management review

9 Version: Rev 1
Table A.2 - Correspondence between OHSAS 18001:2007 and ISO 45001
OHSAS 18001:2007 ISO 45001
Management system 4 4.4 OH&S management system
General requirements 4.1 4.3 Determining the scope of the OH&S
management system
4.4 OH&S management system
OH&S policy 4.2 5.2 OH&S Policy
10.3 Continual improvement
Planning (title only) 4.3 6 Planning (title only)
Hazard identification, risk assessment 4.3.1 6.1 Actions to address risks and
and determining controls opportunities (title only)
6.1.2 Hazard identification and assessment of
risks and opportunities (title only)
6.1.2.1 Hazard identification
6.1.2.2 Assessment of OH&S risks and other
risks to the OH&S management
system
8.1.2 Eliminating hazards and reducing OH&S
risks
8.1.3 Management of change
8.1.4.2 Contractors
Legal and other requirements 4.3.2 6.1.3 Determination of legal requirements
and other requirements
8.1.4.3 Outsourcing
Objectives and programme(s) 4.3.3 6.2 OH&S objectives and planning to
achieve them (title only)
6.2.1 OH&S objectives
6.2.2 Planning to achieve OH&S objectives
10.3 Continual improvement
Implementation and operation (title 4.4 7 Support (title only)
only) 8 Operation (title only)
Resources, roles, responsibility, 4.4.1 5.1 Leadership and commitment
accountability and authority 5.3 Organizational roles, responsibilities
and authorities
7.1 Resources
Competence, training and awareness 4.4.2 7.2 Competence
7.3 Awareness
Communication, participation and 4.4.3 5 Leadership and worker participation
consultation (title only) (title only)
Communication 4.4.3.1 7.4 Communication
7.4.1 General
7.4.2 Internal communication
7.4.3 External communication
8.1.4.2 Contractors
8.1.4.3 Outsourcing
Participation and consultation 4.4.3.2 4.2 Understanding the needs and
expectations of workers and other
interested parties
5.4 Consultation and participation of
workers
8.1.4.2 Contractors
Documentation 4.4.4 7.5 Documented information (title only)
7.5.1 General
Control of documents 4.4.5 7.5.2 Creating and updating
7.5.3 Control of documented information

10 Version: Rev 1
Operational Control 4.4.6 6.1.1 General
6.1.4 Planning action
8.1 Operational planning and control (title
only)
8.1.1 General
8.1.2 Eliminating hazards and reducing OH&S
risks
8.1.3 Management of change
8.1.4 Procurement (title only)
8.1.4.1 General
8.1.4.2 Contractors
8.1.4.3 Outsourcing
Emergency preparedness and response 4.4.7 8.2 Emergency preparedness and response
Checking (title only) 4.5 9 Performance evaluation (title only)
Performance measurement and 4.5.1 9.1 Monitoring, measurement, analysis and
monitoring performance evaluation (title only)
9.1.1 General
Evaluation of compliance 4.5.2 9.1.2 Evaluation of compliance
Incident investigation, nonconformity, 4.5.3 10.2 Incident, nonconformity and corrective
corrective action and preventive action
action (title only)
Incident investigation 4.5.3.1 10.2 Incident, nonconformity and corrective
action
Nonconformity, corrective action and 4.5.3.2 10.2 Incident, nonconformity and corrective
preventive action action
Control of records 4.5.4 7.5 Documented information (title only)
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information
Internal audit 4.5.5 9.2 Internal audit (title only)
9.2.1 General
9.2.2 Internal audit programme
Management review 4.6 4 Context of the organization (title only)
Understanding the organization and its
4.1 context
Understanding the needs and
4.2 expectations of workers and other
interested parties
9.3 Management review
10 Improvement (title only)
10.1 General
10.3 Continual improvement

11 Version: Rev 1