Professional Documents
Culture Documents
Share
Facebook
Twitter
Email
Unlock this
Request demo
ISO 45001 Occupational Health and Safety (OHS) Audit Checklist Share
Run this checklist to perform an internal audit on an organization's occupational health and safety (OHS) management
system against the ISO 45001:2018 requirements.
1
Introduction:
2 Enter basic details
3
Preparing for the audit:
4 Establish context of the OHSMS audit
5 Establish objectives of the OHSMS audit
6 Establish scope of the OHSMS audit
7 Establish criteria of the OHSMS audit
8 Ensure OHSMS audit monitoring systems are in place
9 Request documented information from auditee
10
Assign audit roles and responsibilities:
11 Assign audit team
12 Assign audit team lead
13
Reviewing documented information:
14 Review auditee's documented information
15 Approval:
16 (Conditional) Resolve documented information issue(s)
17 Prepare an audit plan
18 Assign work to the audit team
19
Initiating the audit:
20 Make arrangements with the auditee
21 Conduct open meeting
22 Ensure relevant audit information is accessible
23
Collecting evidence (context of the organization):
24 Assess understanding of the organization and its context
25 Assess the needs and expectations of relevant interested parties
26 Assess the scope of the OHSMS
27
Collecting evidence (leadership):
28 Assess leadership of the OHSMS
29 Assess OHSMS policies
30 Assess OHSMS roles, responsibilities, and authorities
31 Assess consultation and participation of workers
32
Collecting evidence (planning):
33 Assess actions to address risks and opportunities
34 Assess actions to address and identify hazards
35 Assess determination of legal and other requirements
36 Assess OHSMS planning action
37 Assess OHSMS objectives
38
Collecting evidence (support):
Made with
♥
in Process Street ®
Introduction:
ISO 45001 defines the requirements for an occupational health and safety (OHS) management system.
The purpose of the standard is to enable organizations to implement a management system that facilitates continuous
improvement of OHS performance, in the interest of preventing injury and ill-health.
Organizations of all sizes and types can use ISO 45001; the standard will enable improvement of performance by:
By utilizing this checklist to implement an operational health and safety (OHS) management system, organizations
will stand to gain the following:
This checklist is designed to streamline the process for implementing an operational health and safety (OHS)
management system in line with the requirements set out in the ISO 45001:2018 standard.
This checklist is designed as a supplement, and is not intended to replace ISO 45001.
For best results, users are encouraged to edit the checklist and modify the contents to best suit their use cases, as it
cannot provide specific guidance on the particular risks and controls applicable to every situation.
Typically, management system auditors will prepare custom checklists that reflect the specific scope, scale, and
objectives of the operational health and safety management system being audited.
Auditee information
If this process involves multiple people, you can use the members form field to allow the person running this checklist
to select and assign additional individuals.
For example, if management is running this checklist, they may wish to assign the lead internal auditor after completing
the basic audit details.
1
Business goals and objectives
2
Relevant external and internal issues
3
The needs and expectations of relevant interested parties
4
Information security and confidentiality requirements of the OHSMS
Individual audit objectives need to be consistent with the context of the auditee, including the following factors:
1
Extent of the OHSMS to be audited
2
Capacity of the OHSMS to help the organization to meet relevant regulatory requirements
3
Effectiveness of the OHSMS in producing its intended results
4
Opportunities for OHSMS improvements
5
Suitability of the OHSMS with respect to overall strategic context and business objectives of the auditee
Audit objectives
Consider the following factors, and define the audit scope in the form field below:
1
Audit location
2
Audit function
3
Audit activities
4
Processes to be audited
5
Audit time-frame
Audit scope
1
Relevant policies
2
Processes and standard operating proceudures
3
Performance objectives and KPIs
4
Statutory and other relevant regulatory requirements
5
Management system requirements (e.g. other ISO standards)
6
Risks and opportunities as determined by the auditee
7
Internal codes of conduct
Audit criteria
1
Timeliness of the audit (whether deadlines and schedules are being met)
2
Performance of the audit team members (including lead auditor)
3
Successful implementation of audit plans
4
Feedback from auditee and other relevant parties
5
Documentation of audit activities
1
Overall competence required by the audit team
2
Audit complexity
3
Combined or joint audit?
4
Audit methods
5
Ability of the audit team to work and interact effectively with the auditee
6
Relevant internal and external issues (e.g. auditee language barriers)
7
Type and complexity of processes to be audited (do they require specialized knowledge?)
Should you require fewer or more audit team members, edit this template to your requirements.
This should be done well ahead of the scheduled date of the audit, to be sure that planning can take place in a timely
manner.
A dynamic due date has been set for this task, for one month before the scheduled start date of the audit.
Use the form fields below to record the details of the lead auditor.
This will help to prepare for individual audit activities, and will serve as a high-level overview from which the lead
auditor will be able to better identify and understand areas of concern or nonconformity.
The above list is by no means exhaustive. The lead auditor should also take into account individual audit scope,
objectives, and criteria.
Reference material, such as individual ISO standards, will be useful at this point.
Approval:
Will be submitted for approval:
1
Roles and responsibilities of each audit team member
2
Risk-based approach to audit planning
3
Scheduling and coordination of audit activities
4
Scope and complexity of the audit
5
Sampling techniques for collecting evidence
6
Opportunities for improvement
7
Risks of inadequate planning
8
Impact of the audit on auditee activities
Audit plan
File will be uploaded here
You can use Process Street's task assignment feature to assign specific tasks in this checklist to individual members of
your audit team.
1
Basic introduction and clear outline of lead auditor roles and responsibilities
2
Clarify the methods of communication
3
Permission has been granted to proceed with the audit
4
The auditee understands the audit programme so far
5
Relevant information is accessible to all parties involved with the audit
6
Request access to additional relevant information
7
Determine if there are any additional regulatory requirements that will impact audit activities
8
Confirm information security policies
9
Confirm audit scheduling
10
Location-specific arrangements are made
11
Auditee understands requirements for additional observers/guides etc.
12
Risk areas of note are communicated
13
Outstanding issues are resolved
For example, the dates of the opening and closing meetings should be provisionally declared for planning purposes.
It's advised that the opening meeting should be led by the lead auditor.
The scheduling for this meeting should have already been determined earlier in the checklist.
During the opening meeting, confirm the following with all relevant parties:
1
Audit programme plans
2
Individual audit scope
3
Individual audit objectives
4
Individual audit criteria
5
Individual audit plans
6
Roles and responsibilities of the audit team
7
That all planned activities can be performed, and proper authorization is acquired
8
Language of the audit
9
Information security protocol
10
Relevant access and arrangements for the audit team
11
Notable on-site activities that could impact audit process
Typically, such an opening meeting will involve the auditee's management, as well as crucial actors or specialists in
relation to processes and procedures to be audited.
This meeting is a great opportunity to ask any questions about the audit process and generally clear the air of
uncertainties or reservations.
Depending on the size and scope of the audit (and as such the organization being audited) the opening meeting might be
as simple as announcing that the audit is starting, with a simple explanation of the nature of the audit.
Familiarity of the auditee with the audit process is also an important factor in determining how extensive the opening
meeting should be.
1
Methods for reporting and communicating audit progress
2
Conditions of audit termination
3
Procedures for dealing with audit findings during the audit
4
Procedures for receiving feedback from the auditee in response to findings during the audit
It's important to make clear where all relevant interested parties can find important audit information.
Make sure important information is readily accessible by recording the location in the form fields of this task.
You may want to consider uploading important information to a secure central repository (URL) that can be easily
shared to relevant interested parties.
Record information pertaining to the organization and its context in the form fields below.
Provide a record of evidence gathered relating to the OHS management system scope in the form fields below.
Record conformities for actions to address and identify OHSMS hazards information
Record nonconformities for actions to address and identify OHSMS hazards information
Provide a record of evidence gathered relating to the determination of legal and other requirements in the
OHSMS using the form fields below.
Record conformities for procedures for eliminating OHSMS hazards and risks
Record nonconformities for procedures for eliminating OHSMS hazards and risks
Assess procurement
Provide a record of evidence gathered relating to procurement in the OHSMS using the form fields below.
Record conformities for systems for monitoring and measuring OHSMS performance
Record nonconformities for systems for monitoring and measuring OHSMS performance
Provide a record of evidence gathered relating to evaluation of compliance in the OHSMS using the form fields
below.
Audit findings:
Review audit evidence and findings
The audit team leader must review the audit's evidence and findings before the continuation of this checklist is possible.
The audit team leader can then approve, reject or reject with comments, the below information.
Conformities: {{form.Record_conformities_for_organization_and_its_context}}
Nonconformities: {{form.Record_nonconformities_for_organization_and_its_context}}
Suggestions: {{form.Suggestions_for_organization_and_its_context}}
Information: {{form.Needs_and_expectations_of_interested_parties_information}}
Conformities: {{form.Record_conformities_for_needs_and_expectations_of_interested_parties}}
Nonconformities: {{form.Record_nonconformities_for_needs_and_expectations_of_interested_parties}}
Suggestions: {{form.Suggestions_for_needs_and_expectations_of_interested_parties}}
OHSMS scope
Information: {{form.OHSMS_scope_information}}
Conformities: {{form.Record_conformities_for_OHSMS_scope}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_scope}}
Suggestions: {{form.Suggestions_for_OHSMS_scope}}
Leadership
OHSMS leadership
Information: {{form.OHSMS_leadership_information}}
Conformities: {{form.Record_conformities_for_OHSMS_leadership}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_leadership}}
Suggestions: {{form.Suggestions_for_OHSMS_leadership}}
OHSMS policy
Information: {{form.OHSMS_policy_information}}
Conformities: {{form.Record_conformities_for_OHSMS_policy}}
Nonconformities: {{form.Record_nonconformities_for_OHSMSpolicy}}
Suggestions: {{form.Suggestions_for_OHSMS_policy}}
Information: {{form.OHSMS_roles_and_responsibilities_information}}
Conformities: {{form.Record_conformities_for_OHSMS_roles_and_responsibilities}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_roles_and_responsibilities}}
Suggestions: {{form.Suggestions_for_OHSMS_roles_and_responsibilities}}
Information: {{form.Consultation_and_participation_of_workers_information}}
Conformities: {{form.Record_conformities_for_consultation_and_participation_of_workers}}
Nonconformities: {{form.Record_nonconformities_for_consultation_and_participation_of_workers}}
Suggestions: {{form.Suggestions_for_consultation_and_participation_of_workers}}
Planning
Conformities: {{form.Record_conformities_for_OHSMS_risks_and_opportunities}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_risks_and_opportunities}}
Suggestions: {{form.Suggestions_for_OHSMS_risks_and_opportunities}}
Information: {{form.Actions_to_address_and_identify_OHSMS_hazards_information}}
Any nonconformities?:
{{form.Nonconformity_with_actions_to_address_and_identify_OHSMS_hazards_information?}}
Conformities: {{form.Record_conformities_for_actions_to_address_and_identify_OHSMS_hazards_information}}
Nonconformities:
{{form.Record_nonconformities_for_actions_to_address_and_identify_OHSMS_hazards_information}}
Suggestions: {{form.Suggestions_for_actions_to_address_and_identify_OHSMS_hazards_information}}
Information: {{form.Determination_of_OHSMS_legal/other_requirements_information}}
Conformities: {{form.Record_conformities_for_determination_of_OHSMS_legal/other_requirements}}
Nonconformities: {{form.Record_nonconformities_for_determination_of_OHSMS_legal/other_requirements}}
Suggestions: {{form.Suggestions_for_determination_of_OHSMS_legal/other_requirements}}
Information: {{form.OHSMS_planning_action_information}}
Conformities: {{form.Record_conformities_for_OHSMS_planning_action}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_planning_action}}
Suggestions: {{form.Suggestions_for_OHSMS_planning_action}}
OHSMS objectives
Information: {{form.OHSMS_objectives_information}}
Conformities: {{form.Record_conformities_for_OHSMS_objectives}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_objectives}}
Suggestions: {{form.Suggestions_for_OHSMS_objectives}}
Support
OHSMS resources
Information: {{form.OHSMS_resources_information}}
Conformities: {{form.Record_conformities_for_OHSMS_resources}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_resources}}
Suggestions: {{form.Suggestions_for_OHSMS_resources}}
OHSMS competence
Information: {{form.OHSMS_competence_information}}
Conformities: {{form.Record_conformities_for_OHSMS_competence}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_competence}}
Suggestions: {{form.Suggestions_for_OHSMS_competence}}
OHSMS awareness
Information: {{form.OHSMS_awareness_information}}
Conformities: {{form.Record_conformities_for_OHSMS_awareness}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_awareness}}
Suggestions: {{form.Suggestions_for_OHSMS_awareness}}
Information: {{form.OHSMS_communication_procedures_information}}
Conformities: {{form.Record_conformities_for_OHSMS_communication_procedures}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_communication_procedures}}
Suggestions: {{form.Suggestions_for_OHSMS_communication_procedures}}
Information: {{form.OHSMS_documented_information_notes}}
Conformities: {{form.Record_conformities_for_OHSMS_documented_information}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_documented_information}}
Suggestions: {{form.Suggestions_for_OHSMS_documented_information}}
Operation
Information: {{form.OHSMS_planning_and_control_information}}
Conformities: {{form.Record_conformities_for_OHSMS_planning_and_control}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_planning_and_control}}
Suggestions: {{form.Suggestions_for_OHSMS_planning_and_control}}
Information: {{form.Procedures_for_eliminating_OHSMS_hazards_and_risks_information}}
Conformities: {{form.Record_conformities_for_procedures_for_eliminating_OHSMS_hazards_and_risks}}
Nonconformities: {{form.Record_nonconformities_for_procedures_for_eliminating_OHSMS_hazards_and_risks}}
Suggestions: {{form.Suggestions_for_procedures_for_eliminating_OHSMS_hazards_and_risks}}
Information: {{form.Procedures_for_management_of_OHSMS_change_information}}
Conformities: {{form.Record_conformities_for_procedures_for_management_of_OHSMS_change}}
Nonconformities: {{form.Record_nonconformities_for_procedures_for_management_of_OHSMS_change}}
Suggestions: {{form.Suggestions_for_procedures_for_management_of_OHSMS_change}}
OHSMS procurement
Information: {{form.OHSMS_procurement_information}}
Conformities: {{form.Record_conformities_for_OHSMS_procurement}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_procurement}}
Suggestions: {{form.Suggestions_for_OHSMS_procurement}}
Information: {{form.OHSMS_emergency_preparation_and_response_information}}
Conformities: {{form.Record_conformities_for_OHSMS_emergency_preparation_and_response}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_emergency_preparation_and_response}}
Suggestions: {{form.Suggestions_for_OHSMS_emergency_preparation_and_response}}
Performance evaluation
Information: {{form.Systems_for_monitoring_and_measuring_OHSMS_performance_information}}
Any nonconformities?:
{{form.Nonconformity_with_systems_for_monitoring_and_measuring_OHSMS_performance?}}
Conformities: {{form.Record_conformities_for_systems_for_monitoring_and_measuring_OHSMS_performance}}
Nonconformities:
{{form.Record_nonconformities_for_systems_for_monitoring_and_measuring_OHSMS_performance}}
Suggestions: {{form.Suggestions_for_systems_for_monitoring_and_measuring_OHSMS_performance}}
Information: {{form.Evaluation_of_OHSMS_compliance_information}}
Conformities: {{form.Record_conformities_for_evaluation_of_OHSMS_compliance}}
Nonconformities: {{form.Record_nonconformities_for_evaluation_of_OHSMS_compliance}}
Suggestions: {{form.Suggestions_for_evaluation_of_OHSMS_compliance}}
Information: {{form.OHSMS_internal_audit_procedures_information}}
Conformities: {{form.Record_conformities_for_OHSMS_internal_audit_procedures}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_internal_audit_procedures}}
Suggestions: {{form.Suggestions_for_OHSMS_internal_audit_procedures}}
Information: {{form.OHSMS_management_review_procedures_information}}
Conformities: {{form.Record_conformities_for_OHSMS_management_review_procedures}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_management_review_procedures}}
Suggestions: {{form.Suggestions_for_OHSMS_management_review_procedures}}
Improvement
Information: {{form.OHSMS_incident,_nonconformity,_and_corrective_action_procedures_information}}
Any nonconformities?:
{{form.Nonconformity_with_OHSMS_incident,_nonconformity,_and_corrective_action_procedures?}}
Conformities:
{{form.Record_conformities_for_OHSMS_incident,_nonconformity,_and_corrective_action_procedures}}
Nonconformities:
{{form.Record_nonconformities_for_OHSMS_incident,_nonconformity,_and_corrective_action_procedures}}
Suggestions: {{form.Suggestions_for_OHSMS_incident,_nonconformity,_and_corrective_action_procedures}}
Information: {{form.OHSMS_continuous_improvement_procedures_information}}
Conformities: {{form.Record_conformities_for_OHSMS_continuous_improvement_procedures}}
Nonconformities: {{form.Record_nonconformities_for_OHSMS_continuous_improvement_procedures}}
Suggestions: {{form.Suggestions_for_OHSMS_continuous_improvement_procedures}}
Approval:
Will be submitted for approval:
If the report is issued several weeks after the audit, it will typically be lumped onto the "to-do" pile, and much of the
momentum of the audit, including discussions of findings and feedback from the auditor, will have faded.
This task has been assigned a dynamic due date set to 24 hours after the audit evidence has been evaluated against
criteria.
The audit report is the final record of the audit; the high-level document that clearly outlines a complete, concise, clear
record of everything of note that happened during the audit.
Use the sub-checklist below to check off important items included within the audit report:
1
Audit programme objectives
2
Individual audit objectives
3
Individual audit scope
4
Individual audit criteria
5
An overview of the auditee & their context
6
Roles and responsibilities of the audit team
7
Key dates and locations of the audit
8
Complete audit findings and corresponding evidence
9
Audit conclusions
10
Assessment of audit criteria
11
Unresolved conflicts of opinion between audit team and auditee
Use the form field below to upload the completed audit report.
Use the email widget below to quickly and easily distribute the audit report to all relevant interested parties.
Should you want to distribute the report to additional interested parties, simply add their email addresses to the email
widget below:
A time-frame should be agreed upon between the audit team and auditee within which to carry out follow-up action.
As part of the follow-up actions, the auditee will be responsible for keeping the audit team informed of any relevant
activities undertaken within the agreed time-frame. The completion and effectiveness of these actions will need to be
verified - this may be part of a subsequent audit.
In any case, recommendations for follow-up action should be prepared ahead of the closing meetingand shared
accordingly with relevant interested parties.
Follow-up actions
Make sure the following items are resolved ahead of the closing meeting:
1
All audit findings are reviewed against audit objectives
2
Audit conclusions are agreed upon
3
Recommendations are prepared, if necessary
4
Follow-up action has been discussed and agreed upon
The main point of the closing meeting should be to present audit findings and conclusions.
Lead auditors should be responsible for presenting audit findings and conclusions.
You can use the sub-checklist below as a kind of attendance sheet to make sure all relevant interested parties are in
attendance at the closing meeting:
1
Auditee management
2
Audit programme manager
3
Individuals responsible for the processes and procedures being audited
4
The audit client
5
All members of the audit team
6
Other relevant interested parties, as determined by the auditee/audit programme
Once attendance has been taken, the lead auditor should go over the complete audit report, with special attention
placed on:
1
If applicable, first addressing any special occurrences or situations that might have impacted the reliability of
audit conclusions
2
Making sure all present are familiar with or have access to the complete audit report
3
Making sure the auditee is familiar with the audit process
4
Confirming the time-frame for audit follow-up actions
5
Diverging opinions / disagreements in relation to audit findings between any relevant interested parties
6
Opportunities for improvement
Depending on the situation and context of the audit, formality of the closing meeting can vary.
For more formal audits, minutes and records of attendance can be kept.
For more informal (e.g. internal) audits, it can be sufficient to simply communicate audit findings and audit conclusions.
In any case, during the course of the closing meeting, the following should be clearly communicated to the auditee:
1
That audit evidence is based on sample information, and therefore cannot be fully representative of the overall
effectiveness of the processes being audited
2
The specific methods of audit reporting used
3
Complete audit findings and conclusions
4
Advice for how to proceed in light of audit findings
5
Consequences if audit findings are not addressed
6
Recommendations for post-audit follow-up activities
7
All information documented during the course of the audit should be retained or disposed of, depending on:
It should be assumed that any information collected during the audit should not be disclosed to external parties without
written approval of the auditee/audit client.
However, it may sometimes be a legal requirement that certain information be disclosed. Should that be the case, the
auditee/audit client must be informed as soon as possible.
Sources:
ISO - ISO 45001:2018
ISO - ISO 27001:2013
ISO - ISO 26000:2010
ISO - ISO 19011:2018
ISO - Consolidated ISO Supplement
ISO - Management System Standards
ISO - ISO 9001:2015
Samuel O. Idowu, Catalina Sitnikov, Lars Moratis - ISO 26000 - A Standardized View on Corporate
Social Responsibility
Martin Hinsch - ISO 9001:2015 for Everyday Operations
David Lilburn Watson, Andrew Jones - Digital Forensics Processing and Procedures: Meeting the Requirements
of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements
Disclaimer:
1. Process Street is not affiliated or in partnership with the International Organization for Standardization (ISO). The
materials on Process Street’s website are provided on an as-is basis and are for educational purposes. Process
Street makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties including,
without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-
infringement of intellectual property or other violation of rights.
2. Further, Process Street does not warrant or make any representations concerning the accuracy, likely results, or
reliability of the use of the materials on its website or otherwise relating to such materials or on any sites linked to
this site.
Related checklists:
ISO 19011 Management Systems Audit Checklist
ISO 9001 Internal Audit Checklist for Quality Management Systems
ISO 27001 Information Security Management System (ISO 27K ISMS) Audit Checklist
ISO 9001 and ISO 14001 Integrated Management System (IMS) Checklist
ISO 9000 Structure Template
ISO 9000 Marketing Procedures
ISO 14001 Environmental Management Self Audit Checklist
Request demo
Request demo