Clause 3 Terms and Definitions

Return to Top
Q: Regarding the term “occupational health”. A national drafting committee suggests
the term is translated as “occupational hygiene” (or “industrial hygiene”).
Is there any special intention for the use of the term “occupational health” instead of
“occupational hygiene” (or “industrial hygiene”) in ISO 45001, or they can be used
alternatively?
A: “occupational health” is not a defined term within ISO 45001, however there are
six terms within ISO 45001 that do include “occupational health” within their title.
ISO 45001 uses the term injury and ill health (3.18) defined as adverse effect on the
physical, mental or cognitive condition of a person and this has a direct relationship
to occupational health and safety, where in general terms occupational health links
to ill health whilst safety links to injury.
Whilst “occupational health” relates generally to the promotion and maintenance of
the health and well-being of a person, “occupational hygiene or industrial hygiene”
relates more specifically to recognising and controlling the health hazards and the
conditions in the workplace with the objective of preventing ill health.
In conclusion the term “occupational hygiene” (or “industrial hygiene”) has a
narrower meaning than “occupational health” and is therefore not synonymous.
For countries where ISO 45001 is published in their national language rather than
English it should be endeavoured to use national language that best fits the definition
of this term with clarification (if considered necessary) in a National Foreword.

Clause 4.1, 4.2, 4.3 The scope of the OH&S management

system

Return to Top
Q: Can an organization with two or more sites choose to limit its scope to a single
site?
A: Yes. It can include any or all sites, depending on what the organization deems
appropriate.

If the OH&S management system covers only part of the organization, there must be
a level of top management that has authority over what is included in the scope of
the management system.

If the scope of the OH&S management system is limited to specific sites it should still
include all activities or functions related to operations at that site.
It is possible for an organization to establish an OH&S management system with a
limited scope – say one site – initially and over time widen that scope to the whole
organization.
Q: Does the scope of ISO 45001:2018 include the image of the organization?
A: Clause 4.1 of ISO 45001:2018 states: “The organization shall determine
external… issues… relevant to its purpose and that affect its ability to achieve the
intended outcomes of its OH&S management system”. Clause 4.2 of ISO
45001:2018 states: “The organization shall determine the needs and expectations (ie
requirements) of workers and other interested parties.”

Clause 5 Leadership
Return to Top
Q:
A:

Clause 6 Planning
Return to Top
Q: The last paragraph in 6.1.2.2 states:
“The organization’s methodology(ies) and criteria for the assessment of OH&S risks
shall be defined with respect to their scope, nature and timing to ensure they are
proactive rather than reactive and are used in a systematic way. Documented
information shall be maintained and retained on the methodology(ies) and
criteria”

Q1: Does the requirement “shall be defined with respect to their scope, nature and
timing” refer to the OH&S
risks?
Q2: Does the phrase “to ensure they are proactive rather than reactive and are used
in a systematic way” refer to the organization’s methodologies?

A: A1: In clause 6.1.2.2 “shall be defined with respect to their scope, nature and
timing” refers to the methodology(ies) and criteria for the assessment of OH&S
risks.

A2: In clause 6.1.2.2 the phrase “to ensure they are proactive rather than reactive
and are used in a systematic way” relates both to the organization’s
methodology(ies) and criteria for the assessment of OH&S risks and as to how this is
applied (e.g. scope, nature and timing)

Questions on Routine vs. Non-Routine Tasks

Q1: What is the difference between routine and non-routine tasks?
Q2: How should this difference translate/impact to the hazard-risk assessment?
Q3: Are routine tasks the same as what ISO 14001 refers to as normal operating
conditions?
Q4: Are non-routine tasks the same as what ISO 14001 refers to as abnormal
operating conditions?
A1: As per A.6.1.2.1 in ISO 45001, routine activities and situations are those which
create hazards through day to day operations and normal work activities whilst non-
routine activities and situations are occasional, infrequent or
unplanned.

A2: The approach towards hazard identification & risk assessment relating to routine
or non-routine activities and situations should essentially be the same, however as
non-routine activities and situations are by their nature occasional, infrequent or
unplanned by inference the frequency or length of exposure may be less. It may,
however, be more challenging to ensure the health and safety of non-routine
activities, as it may be harder to maintain workers’ competence for activities they
rarely perform, the infrequency of the activity may increase the likelihood of human
error, and there may be greater risk associated with the activity itself, for example if
machine guarding has to be removed for occasional maintenance
activities.
A3: In general the respective standards approaches in this area are similar, however,
ISO 45001 requirements relate specifically to the OH&S hazards & risks that arise
from routine activities, situations and tasks, whilst ISO 14001 requirements relate to
the environmental aspects and impacts associated with normal operating conditions,
there can be important differences between activities, situations, tasks and normal
operating conditions.
A4: In general the respective standards approaches in this area are similar, however,
non-routine activities and situations are by their inference occasional, infrequent or
unplanned, for example maintenance tasks, whilst abnormal conditions in ISO 14001
relate specifically to operating conditions which are not normal, for example at the
start-up or shut down of a process.

Q: Regarding actions to address risks and opportunities, ISO 14001:2015 specifies

that the organization “…determine the risks and opportunities, related to its
environmental aspects (see 6.1.2), compliance obligations (see 6.1.3) and other
issues and requirements, identified in 4.1 and 4.2 that need to be addressed to” so it
is clear that risk related to 4.1, 4.2, 6.1.2 and 6.1.3 are to be determined, but ISO
45001:2018 does not specify in the same way –
a) What is the reason behind it?

b) Also, what is the meaning of “other risks” – is it risk related to 4.1, 4.2?
A:
a) While most ISO management system standards including ISO 14001 and ISO
45001 are built around the common framework and high level text provided in Annex
SL of the ISO directives, there is always flexibility for standards writers as to how
they build upon this framework, and so writers of different standards may choose
different ways of describing requirements which, when analysed closely, may, in fact,
be very similar.

b) The term "other risks" in 6.1.2.2 means specifically “any other risks” (other than
“OH&S risks”) relating to the establishment, implementation, operation and
maintenance of the OH&S management system, that are determined taking into
account the issues referred to in 4.1 and the requirements referred to in 4.2.

Clause 7 Support
Return to Top
Q:
A:

Clause 8 Operation
Return to Top
Q:
A:

Clause 8.1.4 Procurement

Q: When an organization outsources part of its function or process to an external
organization for implementation, is the external organization also to be treated as a
contractor?
A : Yes, effectively the external organization is providing a service to the
organization and the requirements of 8.1.4.2 and 8.1.4.3 are both applicable. The
definitions in the standard for contractor (3.7) and outsource (3.29) clarify these
relationships

Q: Suppose there is a factory whose products have to undergo a heat treatment

process, but there is no related heat treatment facilities and technology in this
factory, so the heat treatment process is outsourced to an external heat treatment
plant. This heat treatment plant is an independent company and is located far away
from this factory. What impacts does this outsourced heat treatment process have on
the OH&S performance of the organization?

A: The intended outcomes of the OH&S management system are to prevent injury
and ill health to workers and to provide safe and healthy workplaces - (See 3.11
Note 1 to entry).

When a process is outsourced OH&S risks to the organization’s own workers can
still arise from related activities, for example: packaging, loading and transportation
of products to and from the premises of the organization providing the outsourced
process.

Clause 8.1.4.3 requires that ‘outsourced functions and processes are controlled’ and
that the degree of control ‘is defined within the OH&S management system’. It’s up
to the organization to consider what is acceptable to them, to define how OH&S risks
are controlled when an external provider is working on its behalf, and then ensure
that these requirements are met.

Q: Is it correct to state that there is no need to consider the activities associated with
an outsourced process that take place on the premises of the outsourced
organization?
A: The above statement is incorrect. Clause 8.1.4.3 of ISO 45001:2018 states:
“The organization shall ensure that outsourced functions and processes are
controlled.”
And that the “type and degree of control… shall be defined within the OH&S
management system”.

Q: What is the difference between a contractor and an outsourcer? To outsource

seems to be the same as using a contractor. Or, a contractor may include
outsourcing to another external organization.
A: This is correct. If a function or process is performed by an external organization
on behalf of the organization, it has been outsourced. The external organization
performing the function or process is providing a service and therefore is also a
contractor.
However, if the service provided by the contractor is not part of the organization’s
‘function or process’ it is not ‘outsourced’.

The definitions in ISO 45001:2018 are:

3.7 Contractor
External organization providing services to the organization in accordance with
agreed specifications, terms and conditions
Note 1 to entry: Services may include construction activities amongst others

3.29
Outsource (verb)
Make an arrangement where an external organization performs part of an
organization’s function or process
Note 1: an external organization is outside the scope of the management system,
although the outsourced function or process is within the scope

Q: If an outsourcer is the same as a contractor, or it can be treated as a contractor,

then why ISO 45001:2018 uses two clauses 8.1.4.2 & 8.1.4.3 to specify the
requirements? Why doesn’t ISO 45001:2018 integrate these two clauses 8.1.4.2 &
8.1.4.3 into one clause?
A: ‘Outsource’ is a commonly defined term in all ISO management system
standards. ISO 45001:2018 has added the term ‘contractor’ as this is often used in
an OH&S context, often for services that need to be provided in the organization’s
own workplace (See ISO 45001:2018 A.8.1.4.2.).

Different parts of the world have differing understanding of these two terms, so it is
very important that the technical definitions in ISO 45001:2018 are understood and
used, rather than local understanding of the terms. Based on the definitions, any
organization to which functions or processes are outsourced is a contractor

Q: A supplier is definitely not an outsourcer or a contractor, but it seems not to be

addressed in the requirements of 8.1.4. Examples of suppliers include raw material
suppliers, part suppliers, assembly suppliers, chemical suppliers, device suppliers,
equipment suppliers, among others. Could you tell us which clause mentions the
requirement of suppliers?
A: The requirements for suppliers are stated in clause 8.1.4.1 which states:
“The organization shall establish, implement and maintain a process(s) to control the
procurement of products and services in order to ensure their conformity to its OH&S
management system.”

There is further guidance provided in A.8.1.4.1, including:

“The organization should verify that equipment, installations and materials are safe
for use by workers by ensuring

a. Equipment is delivered according to specification and is tested to

ensure it works as intended

and

b. Materials are delivered according to their specifications…”

Clause 9 Performance Evaluation
Return to Top
Q:
A:

Clause 10 Improvement
Return to Top
Q: In the new standard ISO 45001 :2018, there is a new term “Opportunity” which is
mentioned twice,
• One is OHS Opportunity
• Other is opportunity related to OHS management
system
Q1 . What is the difference between them, with example if
possible?
Q2. Is there specific template to document the OHS opportunity and opportunities
related to management system?
A: A1. – OHS Opportunity is a defined term within the standard (3.22) and relates
specifically to improvement in OH&S performance whilst for other opportunities these
relate specifically for improving the OH&S management system.
Examples:
OHS Opportunities to improve OH&S performance (see 6.1.2.3 a)) can include:
1) considering hazards and risks when planning and designing a new facility, buying
equipment or introducing a new process and other planned changes;
2) alleviating monotonous work or work at a pre-determined work rate by ensuring
workers are rotated to other activities; and
3) using technology to improve OH&S performance, e.g. automating high-risk
activities.

Opportunities to improve the OH&S management system(see 6.1.2.3 b)) can

include:
1) making top management’s support for the OH&S management system more
visible, e.g. through communications such as social media or highlighting OH&S
performance in strategic business plans;
2) improving the organizational culture related to safety and training;
3) enhancing incident investigation processes;
4) increasing worker participation in OH&S decision-making; and
5) collaborating with other organizations in forums which focus on OH&S.

A2. – No
Clause 10.2 Incident, nonconformity and corrective
action
Q: In clause 10.2 a) 2) there is a requirement to “deal with the consequences”.
Can you please provide an example?
A: Consider an incident such as a small fire in the workplace:

10.2 a) 1) could include sounding the alarm, evacuating the affected area,
and the controlling and extinguishing of the fire.

10.2 a) 2) could include actions needed once the fire was extinguished, such
as inspecting the workplace, determining whether, when and how the
affected area can be returned to use, repairing damaged equipment, making
alternative production arrangements etc.

In the case of a nonconformity, for example where it has been identified that
confined space work has been taking place without a permit to work being in
place:

10.2 a) 1) could refer to halting any current or imminent activity and

removing any workers in an inadequately controlled confined space.

10.2 a) 2) could refer to arranging for the work to resume under correctly
issued permit conditions and dealing with any injuries or ill health suffered by
workers who were in the inadequately controlled confined space.

Q: In clause 10.2 b) 3) there is a requirement for “determining if similar incidents have

occurred, if nonconformities exist, or if they could potentially occur”.
Can you please provide an example?
A: Consider again the incident where there has been a small fire in the workplace:

10.2 b) 3) could include determining if improper storage of combustible

materials contributed to the small fire and that this factor was common to
other previous incidents. This would need to be addressed to prevent a
recurrence of a similar situation.

In the case of a nonconformity, for example where it has been identified that
confined space work has been taking place without a permit to work being in
place:
 This could imply checking whether other permit to work systems, such as
that for working at height, or high voltage work, are being correctly applied.
Or, if the non-conformity related to confined space work undertaken by a
particular contractor, checking whether other contractors undertaking
confined space work are operating the permit system correctly.

Q: In clause 10.2, c) there is a requirement to “review existing assessments of OH&S risks

and other risks, as appropriate (see 6.1)”.
Is the review required here review of the risk and opportunity, or review of the hazards
identification, risk assessment & control (HIRAC), or both?
A: The requirement is to review existing assessments of OH&S risks and other risks.

The investigation process should consider:

• was the hazard identified during planning activities (clause 6)? If not, why
not?
• if the hazard was identified, were controls implemented to address the
associated risks
• were the controls adequate, understood and correctly implemented? (Clause
8)
• were any risks missed or not assessed correctly?

Consider again the incident where there has been a small fire in the workplace:

10.2 c) could include determining if existing assessments of fire risk correctly

estimated the likelihood and potential severity of a fire.

In the example regarding working in a confined space without a permit:

10.2 c) could include determining whether relevant existing assessments

recognise the need for permits for work for particular activities, and if the use
of permits is regularly monitored and appropriate action taken.