Checklist

BS OHSAS 45001:2018 Audit Checklist

Reviewed January 20
Guidelines for use

This checklist is designed for use as an internal review to assess management systems against the requirements of ISO 45001. The checklist contains all of the requirements
of the Standard, though some requirements have been treated as key requirements and some as more detailed. This checklist is not designed for use in a formal certification
audit.

The auditor should be competent, impartial and objective. An audit or a review using this checklist should be carefully planned and conducted.

The form below provides for a “Y” or “N” response against each part, the noting of follow-up actions, and the assignment of responsibility for actions, together with a time
scale for completion.

Available on the Barbour service is BS ISO 45001 Occupational health and safety management systems. Requirements with guidance for use. This provides the text of
the Standard together with detailed guidance on the interpretation of each clause. Several Barbour resources on ISO 45001 are also available.

Checklist 2020 1
 Key Requirements
Numbers refer to parts of ISO 45001
4.0 Context of the organisation
4.1 Understanding the organisation and its context
Organisations will need to consider what are the relevant issues,
both inside and out, that have an impact on or affect its ability to
achieve the intended outcome(s) of the OH&S management
system.
‘Issues’ can relate to both actual or potential problems, and also
to any important topics for the system to address. This might
include changing circumstances, legal requirements or other
obligations.
4.2 Understanding the needs and expectations of workers and other interested parties
An organisation must identify and consider the needs and Additional to workers, interested parties can include:
expectations of the ‘interested parties’ relevant to the OH&S • management, contractors, unions, suppliers
management system, including its workers and other people such
as customers, owners, clients and visitors. • community, consumers, regulators, shareholders.
It must determine which of these needs and expectations are, or
could become, legal requirements and/or other requirements.
4.3 Determining the scope of the OH&S management system
The organisation needs to clarify the boundaries and
applicability of the system so as to establish its scope.
An organisation's OH&S management system should consider
the activities, products and services that are within its control or
influence which can have an impact on the organisation’s OH&S
performance.
Checklist 2020
Further Detail on Compliant Actions By Whom Time Scale
Requirements/Considerations Y/N
External issues may include:
• cultural, political, economic and legal issues,
natural surroundings and market competition
• new competitors, technologies and laws and new
knowledge on products and their effect on health
and safety.
Internal issues may include:
• organisational structure, roles, accountabilities,
capabilities and organisational culture
• information systems, flows and decision-making
• the introduction of new products and equipment.
The needs and expectations of both managerial and
non-managerial workers and workers representatives
(where they exist) should be considered.
When determining the scope, the organisation should:
• consider the external/internal issues (see clause
4.1)
• take into account requirements (see clause 4.2)
• take into account the planned or performed work-
related activities.
The scope is included as documented information.
2
 Key Requirements Further Detail on Compliant Actions By Whom Time Scale
Numbers refer to parts of ISO 45001 Requirements/Considerations Y/N

4.4 OH&S management system

The final clause notes that an organisation shall establish,
implement, maintain and continually improve the OH&S
management systemin line with the requirements of the standard
document.

5.0 Leadership and worker participation

5.1 Leadership and commitment
Top management refers to the group of people or person who
directs and controls the organisation at the highest level.
In order to demonstrate leadership and commitment
with respect to the OH&S management system, does
top management:
a) take overall responsibility and accountability for the
prevention of work-related injuries and ill health,
and provide safe and healthy workplaces and
activities?
b) ensure OH&S policy and related objectives are
established and compatible with the strategic
direction of the organisation?
c) ensure the integration of the OH&S management
system requirements into the organisation’s
business processes?
d) ensure that the resources needed to establish,
implement, maintain and improve the OH&S
management system are available?
e) communicate the importance of effective OH&S
management and of conforming to the OH&S
management system requirements?
f) ensure that the OH&S management system
achieves its intended outcome(s)?
g) direct and support persons to contribute to the
effectiveness of the OH&S management system?
h) ensure and promote continual improvements?
i) support other relevant management roles to
demonstrate their leadership as it applies to their
areas of responsibility?
j) develop, lead and promote a culture in the
organisation that supports the intended outcomes
of the OH&S management system?

Checklist 2020 3
 Key Requirements Further Detail on Compliant Actions By Whom Time Scale
Numbers refer to parts of ISO 45001 Requirements/Considerations Y/N
k) protect workers from reprisals when reporting
incidents, hazards, risks and opportunities?
l) ensure the organisation establishes and
implements a process(es) for consultation and
participation of workers? (see 5.4)
m) support the establishment and functioning of
health and safety committees? (see 5.4)

ISO 45001 requires consultations with workers that

involve seeking views before making a decision, with
clear two-way communication and identifying and
removing obstacles to participation. This must include
non-managerial workers.

5.2 OH&S policy

Has top management established, implemented and maintained The OH&S policy shall be:
an OH&S policy that commits to: • available as documented information
• Providing safe and healthy working conditions for the • communicated within the organisation
prevention of work-related injury and ill-health? The policy
should be appropriate to the purpose, size and context of • available to interested parties
the organisation. • relevant and appropriate.
• Providing a framework for setting the OH&S objectives.
• Satisfying legal requirements.
• Eliminating hazards and reducing OH&S risks.
• Continual improvement of the OH&S management system.
• Consultation and participation of workers, and workers’
representatives (where they exist).

5.3 Organisational roles, responsibilities and authorities

Does top management: Workers at each level of the organisation are
Ensure responsibilities and authorities for relevant roles within the responsible for the aspects of the OH&S management
OH&S management system are assigned and communicated at system over which they have control.
all levels within the organisation and maintained as documented
information? Ultimately, top management are accountable for the
functioning of the OH&S management system.
assign responsibility and authority to ensure the that the OH&S
management system conforms to the requirements of the

Checklist 2020 4
 Key Requirements Further Detail on Compliant Actions By Whom Time Scale
Numbers refer to parts of ISO 45001 Requirements/Considerations Y/N
standard report on the performance of the OH&S management
system?

5.4 Consultation and participation of workers

Does the organisation establish, implement and maintain
processes?
For consultation and participation of workers at all applicable
levels and functions and where they exist, workers
representatives in the development, planning, implementation,
evaluation and actions for improvement of the OH&S
management system?
Consultation implies two-way consultation.
Worker representation can be a mechanism for
consultation and participation.
Obstacles and barriers can include, for example, failure
to respond to worker inputs or suggestions, language or
literacy barriers, or threats of reprisals.

Emphasising the consultation and participation of non-

The clause also asks organisations to consider if they have
provided:
• mechanisms, time, training and resources necessary
for consultation and participation?
• timely access to clear, understandable and relevant
information about the OH&S management system?
The organisation is also directed to determine and remove any
obstacles or barriers to participation and to minimise any that
cannot be removed.
managerial workers is intended to apply to those
carrying out the work activities, but is not intended to
exclude, for example, managers who are impacted by
work activities or other factors in the organisation.
It is suggested that training that is provided at no cost
to workers or which takes place during working hours
can remove barriers to worker participation.

Does the organisation highlight the consultation of non-

managerial workers on:
• determining the needs and expectations of interested
parties (see 4.2)
• establishing the OH&S policy (see 5.2)
• assigning organisational roles, responsibilities and
authorities, as applicable (see 5.3)
• determining how to fulfil legal requirements and other
requirements
• establishing OH&S objectives and planning to achieve
them (see 6.2)
• determining applicable controls for outsourcing,
procurement and contractors (see 8.1.4)
• determining what needs to be monitored, measured and

Checklist 2020 5
 Key Requirements Further Detail on Compliant Actions By Whom Time Scale
Numbers refer to parts of ISO 45001 Requirements/Considerations Y/N
evaluated (see 9.1)
• planning, establishing, implementing and maintaining an
audit programme(s) (see 9.2.2)
• ensuring continual improvement (see 10.3).

Does the organisation emphasise the participation of non-

managerial workers in the following:
• determining the mechanisms for their consultation and
participation?
• hazard identification and assessment of risks and
opportunities? (see 6.1.1 and 6.1.2)
• actions to eliminate hazards and reduce OH&S risks? (see
6.1.4)
• identification of competency requirements, training needs,
training and evaluation of training? determining what needs
to be communicated and how this will be done?
• determining control measures and their effective
implementation and use (see 8.1, 8.1.3 and 8.2)
• investigating incidents and nonconformities and
determining corrective actions (see 10.2).

6.0 Planning
6.1 Actions to address risks and opportunities
Has the organisation considered the issues referred to in 4.1
(context), the requirements referred to in 4.2 (interested parties)
and 4.3 (the scope of its OH&S management system) in the
planning stage?

When determining the risks and opportunities for the OH&S

management system and its intended outcomes, the organisation
should consider hazards, OH&S risks, other risks, OH&S
opportunities, legal and other requirements.

In its planning process(es), the organisation is required to

determine and assess the risks and opportunities that are
relevant to the intended outcomes of the OH&S management
system associated with changes in the organisation, its

Checklist 2020 6
 Key Requirements
Numbers refer to parts of ISO 45001
processes or the OH&S management system?
In the event of planned changes, permanent or temporary, this
assessment should be carried out before the change is
implemented. (see 8.1.3)
Documented information should be maintained on risks and
opportunities, and on the process(es) and actions needed to
determine and address its risks and opportunities (see 6.1.2 to
6.1.4).
6.1.2 Hazard identification and assessment of risks and opportunities
6.1.2.1 Hazard identification
Does the organisation have a process(es) in place for identifying
hazards which is maintained, ongoing and proactive?
Checklist 2020
Further Detail on Compliant Actions By Whom Time Scale
Requirements/Considerations Y/N
Does the process(es) take account of (for example)?:
• organisation of the work, social factors (eg
workload, work hours, victimization, harassment
and bullying), leadership and workplace culture
organisation
• routine and non-routine activities and situations,
including hazards arising from, for example,
infrastructure, equipment, materials, substances
and physical conditions of the workplace
• incidents that have arisen in the past, relevant to
the organisation, both internal or external
(including any emergencies and their cause)
potential emergency situations
• people, including consideration of those with
access to the workplace and their activities (eg
contractors), workers at a location not under the
direct control of the organisation, etc
• other issues, including issues such as the design
of work areas, machinery/equipment, operating
procedures, and so on
• actual or proposed changes in organisation,
operations, processes, activities and the OH&S
management system (see 8.1.3)
• changes in knowledge of, and information about,
hazards.
7
 Key Requirements Further Detail on Compliant Actions By Whom Time Scale
Numbers refer to parts of ISO 45001 Requirements/Considerations Y/N

6.1.2.2 Assessment of OH&S risks and other risks to the OH&S management system
The standard requires the organisation to establish, implement
and maintain a process(es) which will:
• assess OH&S risks from the identified hazards, while taking
into account the effectiveness of existing controls
• determine and assess the other risks related to the
establishment, implementation, operation and maintenance
of the OH&S management system.
Has the organisation’s methodology(ies) and criteria
for the assessment of OH&S risks been defined in
relation to their scope, nature and timing to ensure
they are proactive rather than reactive and used in a
systematic way?
Will documented information be maintained and
retained on the methodology(ies) and criteria.

Risks to the management system are those more

traditionally related to business risk, such as peaks in
workflow, restructuring as well as external issues such
as economic change.

6.1.2.3 Assessment of OH&S opportunities and other opportunities for the OH&S management systems

Does the organisation have an established, implemented and OH&S opportunities are circumstance(s) that can lead
maintained a process(es) to assess OH&S opportunities that can to improvement of OH&S performance.
enhance OH&S performance? These should take into account
any planned changes to the organisation, its policies, processes
or activities, along with:
o organisation opportunities to adapt work, work
organisation and work environment to workers
o opportunities to eliminate hazards and reduce
OH&S risks
• other opportunities for improving the OH&S management
system.
Said policies should also consider other opportunities for
improving the OH&S management system.

6.1.3 Determination of legal requirements and other requirements

The organisation should have a process to determine and have Has the organisation:
access to health and safety legal requirements and other maintained and retained documented information on
requirements applicable to its hazards, OH&S risks and OH&S its legal requirements and other requirements?
management system.

ensured that this is updated to reflect any changes?

The process should cover:

Checklist 2020 8
 Key Requirements
Numbers refer to parts of ISO 45001
• the organisation’s legal (and other) requirements and
how are they determined, accessed and kept up-to-
date
• how these legal and other requirements apply to the
organisation
• how these legal and other requirements are taken into
account when establishing, implementing, maintaining
and continually improving the organisation’s OH&S
management system.
6.1.4 Planning action
Has planning been undertaken to consider actions to: address
risks/opportunities, legal/other requirements, prepare for/respond
to emergency situations?
Has the organisation planned how to: integrate and implement
the actions into its OH&S management system processes or
other business processes, and to evaluate the effectiveness of
these actions?
6.2 OH&S objectives and planning to achieve them
6.2.1 OH&S objectives
The organisation needs to establish OH&S objectives which are
measurable or can be evaluated. Such objectives need to
maintain and continually improve the OH&S management
system.
Procedures should be established, implemented and maintained
in order to monitor and measure OH&S performance on a regular
basis.
Checklist 2020
Further Detail on Compliant Actions By Whom Time Scale
Requirements/Considerations Y/N
Legal requirements could include:
• Acts and statutory instruments such as the
Safety, Health and Welfare at Work Act
2005 and the Safety, Health and Welfare at
Work (Chemical Agents) Regulations 2001
• Licences, permits and other forms of
authorisation such as the EPA Office of
Radiological Protection licence or Seveso
establishment notification.
Other requirements could include:
• parent company protocols or policies
collective bargaining agreements.
When planning to take action, has the organisation
considered the hierarchy of controls (see 8.1.2) and
outputs from the OH&S management system?
In terms of planning actions, organisations should
consider the best practices, technological options and
financial, operational and business requirements.
Do the objectives take into account:
• applicable requirements
• the results of the assessment of risks and
opportunities (see 6.1.2.2 and 6.1.2.3)
• the results of consultation with workers (see 5.4)
and workers’ representatives (if applicable).
9
 Key Requirements Further Detail on Compliant Actions By Whom Time Scale
Numbers refer to parts of ISO 45001 Requirements/Considerations Y/N
The OH&S objectives shall be monitored,
If equipment is required to monitor or measure performance, the communicated and updated as appropriate.
organisation shall establish and maintain procedures for the
calibration and maintenance of such equipment, as appropriate.
Records of calibration and maintenance activities and results
shall be kept.

6.2.2 Planning to achieve OH&S objectives

To plan how to achieve its OH&S objectives, the organisation
should determine several factors, including what will be done,
resources required, responsibilities, deadlines and timescales,
measuring and monitoring, evaluation of results, and integration
of the OH&S objectives into the business process.
Consider if the organisation has maintained and
retained documented information on the OH&S
objectives and its plans to achieve them.

7.0 Support
7.1 Resources
The provision of resources necessary to establish and maintain
an effective OH&S management system shall be established.

7.2 Competence
Does the organisation ensure that workers are competent Examples of applicable actions can include the
(including the ability to identify hazards) on the basis of provision of training to, mentoring of, or the
appropriate education, induction, training, or experience? reassignment of those currently employed.

In addition, has the organisation: determined and provided the

necessary resources for the competence of workers that affects
or can affect its OH&S performance
• taken actions to acquire and maintain the necessary
competence (where applicable), and evaluate the
effectiveness of the actions taken?
• retained appropriate documented information as evidence of
competence?

7.3 Awareness
Does the organisation make workers aware of:

Checklist 2020 10
 Key Requirements Further Detail on Compliant Actions By Whom Time Scale
Numbers refer to parts of ISO 45001 Requirements/Considerations Y/N
• the OH&S policy and OH&S objectives?
• their contribution to the effectiveness of the OH&S
management system, including the benefits of
improved OH&S performance?
• the implications and possible consequences of not
conforming to the requirements of the OH&S
management system
• the outcomes of any relevant incident investigations
• the ability to remove themselves from work situations
that they consider present an imminent danger to their
life or health, as well as the arrangements for
protecting them from undue consequences for doing
so?

7.4 Communication
7.4.1 General
Has the organisation established, implemented and maintained Diversity aspects such as gender, language, culture,
the process(es) needed for the internal and external literacy and disability should be taken into consideration
communications relevant to the OH&S management system when considering communication needs.
including determining:
The organisation should ensure that the views of
• on what it will communicate? external interested parties are considered in
establishing its communication process(es)?
• when to communicate?
• with whom to communicate? The following should be taken into account when
establishing a communication process(es):
• how to communicate?
• legal requirements and other requirements
• OH&S information communicated is consistent
with information generated within the OH&S
management system and is reliable.

The organisation should respond to relevant

communications on its OH&S management system, and
documented information retained as evidence of its
communications (as appropriate).

7.4.2 Internal communication

The standard requires that an organisation communicates
information internally that is relevant to the OH&S management

Checklist 2020 11
 Key Requirements Further Detail on Compliant Actions By Whom Time Scale
Numbers refer to parts of ISO 45001 Requirements/Considerations Y/N
system. This should go to various levels and functions of the
organisation.

The communication process should enable workers to contribute

to continual improvement.

7.4.3 External communication

In terms of external communication, the standard requires the
organisation to communicate information that is relevant to the
OH&S management system. This should take into account any
legal, and other, requirements.

7.5 Documented information

7.5.1 General
‘Documented information’ is new to ISO 45001, replacing OHSAS Documented information can differ between
18001 references to ‘document’ and ‘records’. organisations for several reasons, including size, type
of activity, products etc, the need to fulfil legal
requirements, competence of workers, and so on.
The organisation’s OH&S management system is required to
include documented information.

7.5.2 Creating and updating

The following should be considered when creating and updating
documented information:
• identification and description (e.g. a title, date, author or
reference number)
• format (e.g. language, software version, graphics) and
media (e.g. paper, electronic)
• review and approval for suitability and adequacy.

7.5.3 Control of documented information

Control of documented information is required to ensure it is
available and suitable for use whenever it is needed, and to
ensure it is adequately protected (e.g. from improper use).
In order to control documented information, the organisation is
required to address the following activities, as applicable:
Access can mean decisions in respect of permission to
view the documented information only, or permission
and authority to view and change the documented
information.

Checklist 2020 12
 Key Requirements Further Detail on Compliant Actions By Whom Time Scale
Numbers refer to parts of ISO 45001 Requirements/Considerations Y/N
• distribution, access, retrieval and use
• storage and preservation, including preservation of Access may be requested by workers, and, where they
legibility exist, workers' representatives.
• control of changes (e.g. version control)
• retention and disposition.

8.0 Operation
8.1 Operational planning and control
8.1.1 General
Organisations are required to control not only implementation and
planned changes to processes, but also to unintended,
unplanned changes.

Where unintended changes are made, the organisation will have

to demonstrate that it has identified any actual or potential
adverse effects and taken action to mitigate them.

Does the organisation determine, plan, implement, control and

maintain the processes to meet requirements of the OH&S
management system by:
• establishing a criteria for the processes and
implementing control of them?
• maintaining and retaining documented information to
the extent necessary to have confidence that the
processes have been carried out as planned?
• adapting work to workers?
• on multi-employer workplaces, has the organisation
implemented a process for coordinating the relevant
parts of the OH&S management system with other
organisations?

8.1.2 Eliminating hazards and reducing OH&S risks

The following hierarchy of controls should be used by the In many countries, legal requirements and other
organisation in order for it to establish, implement and maintain a requirements include the requirement that personal
process(es) for the elimination of hazards and reduction of OH&S protective equipment (PPE) is provided at no cost to
risks: workers.

Checklist 2020 13
 Key Requirements Further Detail on Compliant Actions By Whom Time Scale
Numbers refer to parts of ISO 45001 Requirements/Considerations Y/N
• eliminate the hazard
• substitute with less hazardous processes, operations,
materials or equipment
• use engineering controls and reorganisation of work
• use administrative controls, including training; use of
adequate personal protective equipment.

8.1.3 Management of change

The organisation is required to systematically plan for changes Changes can result in risks and opportunities.
that could impact OH&S performance. This may include new
products, services and processes or any changes to existing
ones. For example: workplace locations/environment; work
organisation and working conditions; equipment; etc.

• Changes may also occur to legal, and other, requirements,

changes to knowledge about hazards or OH&S risks;
changes from knowledge or technology.

Has the organisation reviewed the consequences of unintended

changes, taken action to mitigate any adverse effects, as
necessary?

8.1.4 Procurement
8.1.4.1 General
Has the organisation established, implemented, and maintained a
process(es) to control the procurement of products and services
in order to ensure their conformity to its OH&S management
system?

8.1.4.2 Contractors
The organisation is required to coordinate its procurement Including the occupational health and safety criteria for
process(es) with its contractors to identify hazards and assess the selection of contractors can be useful.
and control the OH&S risks arising from the:
• contractors’ activities and operations that impact the
organisation

Checklist 2020 14
 Key Requirements Further Detail on Compliant Actions By Whom Time Scale
Numbers refer to parts of ISO 45001 Requirements/Considerations Y/N
• organisation’s activities and operations that impact the
contractors’ workers
• contractors’ activities and operations that impact other
interested parties in the workplace.

Has the organisation ensured that the requirements of its OH&S

management system are met by contractors and their workers?

Does the organisation’s procurement process(es) define and

apply occupational health and safety criteria for the selection of
contractors?

8.1.4.3 Outsourcing
Organisations are required to ensure that any outsourced Coordination with external providers can assist an
functions and processes are controlled. organisation to address any impact to arise from
outsourcing on OH&S performance.
Has the organisation ensured that its outsourcing arrangements
are consistent with legal, and other, requirements and with
achieving the intended outcomes of the OH&S management
system?

The OH&S management system must clearly define the type and
degree of control to be applied to these functions and processes.

8.2 Emergency preparedness and response

To address arrangements with regards to emergency
preparedness and response, the organisation must establish,
implement and maintain a process(es) (as identified in clause
6.1.2.1) that identifies factors including:
• planned response to emergency situations, including the
provision of first aid
• training provision for the planned response
• periodical testing and exercising the capability of the
planned response
• performance evaluation and, as necessary, revision of the
planned response, including after testing and, in particular,
following the occurrence of emergency situations
• communication and provision of relevant information to all

Checklist 2020 15
 Key Requirements Further Detail on Compliant Actions By Whom Time Scale
Numbers refer to parts of ISO 45001 Requirements/Considerations Y/N
workers on their duties and responsibilities
• communication of relevant information to contractors,
visitors, emergency response services, government
authorities and, as appropriate, the local community
• consideration of the needs and capabilities of all relevant
interested parties, ensuring their involvement, as
appropriate, in the development of the planned response.

The organisation must also maintain and retain documented

information on the process(es) and on the plans for responding to
potential emergency situations.

9 Performance evaluation
9.1 Monitoring, measurement, analysis and performance evaluation
9.1.1 General
When considering performance evaluation in terms of monitoring, There can be legal requirements or other
measuring, analysing and evaluating, the organisation is required requirements (e.g. national or international
to establish, implement and maintain a process(es) and in doing standards) concerning the calibration or verification
so, determine: of monitoring and measuring equipment.
• what needs to be monitored and measured, for example:
o the extent to which legal requirements and other
requirements are fulfilled
o its activities and operations in relation to
identified hazards, risks and opportunities
o progress towards achievement of the
organisation’s OH&S objectives
o effectiveness of operational and other controls
• the methods for monitoring, measurement, analysis and
performance evaluation, as applicable, to ensure valid
results
• the criteria against which the organisation will evaluate its
OH&S performance
• when the monitoring and measuring shall be performed
• when the results from monitoring and measurement shall be
analysed, evaluated and communicated.

The organisation must also evaluate the OH&S performance and

determine the effectiveness of the OH&S management system.
organisation

Checklist 2020 16
 Key Requirements Further Detail on Compliant Actions By Whom Time Scale
Numbers refer to parts of ISO 45001 Requirements/Considerations Y/N

Any monitoring and measuring equipment must be calibrated or

verified as applicable, and used and maintained appropriately.

Appropriate documented information must be retained:

• as evidence of the results of monitoring, measurement,
analysis and performance evaluation
• on the maintenance, calibration or verification of measuring
equipment.

9.1.2 Evaluation of compliance

In establishing, implementing and maintaining a process(es) for
evaluating legal, and other, compliance, the frequency and
method(s) must be determined. The organisation must also
assess compliance and take any necessary action (see 10.2).

Knowledge and understanding of the organisation’s compliance

status with legal, and other, requirements must be maintained
and documented information of the compliance evaluation
result(s) are to be retained.

9.2 Internal audit

9.2.1 General
Internal audits should be conducted at planned intervals to
provide information on whether the OH&S management system
conforms to:
• the organisation’s own requirements for its OH&S
management system, including the OH&S policy and
OH&S objectives; the requirements of the standard
• is effectively implemented and maintained.

9.2.2 Internal audit programme

Amongst these requirements, the organisation is to: For more information on auditing and the competence
of auditors, see ISO 19011.
• plan, establish, implement and maintain an audit
program(s) that includes the consultation requirements,

Checklist 2020 17
 Key Requirements Further Detail on Compliant Actions By Whom Time Scale
Numbers refer to parts of ISO 45001 Requirements/Considerations Y/N
and which takes into consideration the importance of
the processes concerned and the results of previous
audits
• select competent auditors and conduct audits to ensure
objectivity and impartiality of the audit process
• ensure that the results of the audits are reported to
relevant managers, workers, and where they exist,
workers representatives, and other relevant interested
parties
• define the audit criteria and scope and address any
nonconformities that may arise.

Again, documented information is to be retained.

9.3 Management review

The organisation must consider whether: Consideration should be given to the timescales for
• top management has systematically reviewed the management reviews.
organisation’s OH&S management system, to ensure
continuing suitability, adequacy and effectiveness.
The management review should include consideration of factors
including:
• the status of actions from previous management reviews
• changes in external and internal issues that are relevant to
the OH&S management system including risks and
opportunities, and legal, and other, requirements
• the extent to which the OH&S policy and the OH&S
objectives have been met
• information on the OH&S performance, including trends in
incidents, nonconformities, corrective actions and continual
improvement, results of legal compliance evaluations and
audit results, consultation and participation of workers and
risks and opportunities
• adequacy of resources for maintaining an effective OH&S
management system
• relevant communication(s) with interested parties
• opportunities for continual improvement.

The organisation must also consider if the output of the

management review includes decisions that relate to areas such

Checklist 2020 18
 Key Requirements Further Detail on Compliant Actions By Whom Time Scale
Numbers refer to parts of ISO 45001 Requirements/Considerations Y/N
as:
• the continuing suitability, adequacy and effectiveness of the
OH&S management system
• continual improvement
• the need for any changes to the OH&S management system
• resources needed
• any necessary actions
• improving the integration of the OH&S management system
with other business processes
• any implications for the strategic direction of the
organisation.

Has the organisation communicated the relevant outputs of the

management review to its relevant workers, and where they exist,
workers representatives (see 7.4)?

Documented information is required as evidence of the

management review outcomes.

10 Improvement
10.1 General
Consideration should be given to any opportunities for
improvement (see Clause 9) and any necessary actions to
achieve the intended outcomes of its OH&S management system
should be implemented.

10.2 Incident, nonconformity and corrective action

In terms of corrective action requirements, the standard asserts The reporting and investigation of incidents without
that organisations must react to incidents or nonconformities and undue delay can enable hazards to be eliminated and
take action in a timely manner, to control and correct these and associated OH&S risks to be minimised as soon as
deal with the consequences. possible.

For example, it wants to see that an organisation has established,

implemented and maintained a process(es), including reporting,
investigating and taking action, to determine and manage
incidents and nonconformities.

Checklist 2020 19
 Key Requirements Further Detail on Compliant Actions By Whom Time Scale
Numbers refer to parts of ISO 45001 Requirements/Considerations Y/N

In the event of an incident or a nonconformity occurring, the

organisation must determine how to respond; does it react in a
timely manner to the incident or nonconformity and, as
applicable:
1. take action to control, and correct it
2. deal with the consequences.

The organisation is required to evaluate, with the participation of

workers (see 5.4) and the involvement of other relevant
interested parties, the need for corrective action to eliminate the
root cause(s) of the incident or nonconformity, in order that it
does not recur or occur elsewhere, by:

1. investigating the incident or reviewing the nonconformity

2. determining the cause(s) of the incident or nonconformity?
3. determining if similar incidents or nonconformities exist or
could potentially occur.

In addition, when an incident or a nonconformity occurs, the

organisation must show that it has:

• reviewed existing assessments of OH&S risks and

other risks, as appropriate (see 6.1)
• determined and implemented any action needed,
including corrective action, in accordance with the
hierarchy of controls (see 8.1.2) and the management
of change (see 8.1.3)
• assessed OH&S risks that relate to new or changed
hazards, prior to taking action
• reviewed the effectiveness of any action taken,
including corrective action
• made changes to the OH&S management system, if
necessary.

Are corrective actions appropriate to the effects or potential

effects of the incidents or nonconformities encountered?

Checklist 2020 20
 Key Requirements Further Detail on Compliant Actions By Whom Time Scale
Numbers refer to parts of ISO 45001 Requirements/Considerations Y/N
Documented information must be retained to show the nature of
the incidents or nonconformities and any subsequent actions
taken, and the results of any action and corrective action,
including their effectiveness.

The organisation must communicate the ISO 45001:2018

documented information to relevant workers and where they
exist, workers representatives and other interested parties.

10.3 Continual improvement

The organisation is required to have procedures in place for the
continual improvement of the suitability, adequacy and
effectiveness of the OH&S management system. The standard
requires this by:
• enhancing OH&S performance
• promoting a culture that supports an OH&S management
system
• promoting the participation of workers in implementing
actions for the continual improvement of the OH&S
management system
• communicating the relevant results of continual
improvement to workers, and, where they exist, workers’
representatives
• maintaining and retaining documented information as
evidence of continual improvement.

Disclaimer

These example forms, checklists and model policies are provided by Barbour for general guidance on matters of interest. In making these documents available to a general and diverse audience it is not possible to
anticipate the requirements or the hazards of any subscriber’s business. Users are therefore advised to carefully evaluate the contents and adapt the forms and checklists to suit the requirements of each situation. Barbour
does not accept any liability whatsoever for injury, damage or other losses which may arise from reliance on this information and the use of these documents.

Copyright of these documents remains with Barbour and whilst subscribers are permitted to make use of them for their own purposes, permission is not granted for resale of the intellectual property to third parties.

Checklist 2020 21