ISO 45001 (the ISO formerly known as OHSAS 18001) is a way of bringing the complex world of health and safety laws and regulations into a manageable system which can be integrated with your other ISO family members. Traditionally it has been part of the trifecta of standards falling under the responsibility of the lucky HSEQ/QHSE/SHEQ (other acronyms are available) manager.  

It's important to note that ISO 45001 is all about occupational health and safety and not, for example, product safety or security. In other words, it’s about looking after your people and not your stuff.  

The key mechanism for compliance with the standard is the same mechanism that you would use for compliance with Health and Safety law, i.e. risk assessments. A focus on managing hazards and preventing accidents and other incidents is essential. The more hazardous the industry or activity, the more relevant this standard becomes.  

Whether you are setting out for the first time with the standard, or need to integrate it with your current systems, we can help you to navigate the detailed requirements and ensure that they work effectively for your organisation. 

Well obviously you want to look out for your employees, and despite muttered words to the contrary, no one wants anyone to succumb to the dreaded health and safety incident. But, in the spirit of the standard, let’s talk about risk.  

Some industries, some jobs, some projects (some people), are inherently more likely to hurt people than others. Working in retail doesn’t carry the same risk as being on a construction site. But there are still risks and you still don’t want to hurt anyone (even if they stole your lunch). Risk is about chances and consequences. What are the chances of an incident occurring, and how severe might the consequences be. Until you have actually carried out the risk assessments you can’t be sure of the answer. Trust us, there will be scenarios you haven’t yet thought of. 

Even if you’re not convinced about the risk to the health and safety of your people, what about the risk that your people will disagree once they see the inside of the ambulance and start using that dreaded word: compensation? 

So if you’re engaged in something even a little risky, and don’t plan on falling foul of the law, then ISO 45001 is going to be relevant to you.  

Do you have employees? 

Do you occupy premises? 

Are you uncomfortable about your own expertise in health and safety? 

Is yours a hazardous industry? 

Do some of your activities require health or safety precautions to be in place? 

Have competitors or others in your supply chain been taken to court over safety violations? 

Does the thought of someone whispering “compensation” make you wince? 

The more of the above you can answer ‘yes’ to, the more you need ISO 45001. Unlike many ISO standards the primary driver for achieving certification is less about the credential for winning business, more about the controls that allow you to stay in business. After all, if you’re not operating safely the powers-that-be may decide you shouldn’t operate at all. 

Whether you are setting out for the first time with the standard, or need to integrate it with your current systems, we can help you to navigate the detailed requirements and ensure that they work effectively for your organisation. 

We are, first and foremost, a management consultancy. And we are really keen on the consulting part. By engaging with us you can be assured we will listen carefully to your story and understand the details of what you want, and what you need (which are not always the same thing!). Our consultants can then offer you a uniquely tailored solution. We understand how to bend and shape the ISO framework to add value to your business whilst achieving your compliance objectives. 

The most interesting development in recent years has been the addition of 45003 which widens the scope of Occupational Health and Safety to include mental health and wellbeing. This reflects society’s increasing recognition that health and safety is not just a physical thing and we can take a holistic, 360° view of wellbeing.  

Don’t panic, you don’t have to implement both standards, and only ISO 45001 can be UKAS accredited. However, as with all things ISO you should take a risk-based approach when deciding which standards should apply to your business. If your employees keep being signed off with stress, maybe it’s something to think about… 

Even if you’re content with the protection provided by ISO 45001, you can’t sit on your laurels as it’s currently under review and likely to be issued with changes come 2027. 

We can help build a management system that will meet the current standard, and be ready for the impending changes to be managed without undue stress (there’s a standard for that…) 

The purpose of the standard is fundamentally to help you put in place a management system to ensure your people are working in a healthy and safe environment, with all that entails. This includes not just documentation but also culture, behaviours and practices throughout the organisation. Preventing work related injury and ill health and continually improving your health and safety performance are key features of ISO 45001. This means eliminating hazards and minimising risks in a systematic way.  

In common with many ISO management system standards (e.g. ISO 9001, ISO 14001) successful implementation requires you first to understand the context in which your organisation operates and the needs and expectations of workers and other interested parties – or stakeholders, if you prefer. The focus on “workers” aligns the standard to legislation, for example there is a specific requirement to demonstrate consultation and participation of workers in the development of the management system.  

The standard uses the well-known Plan-Do-Check-Act model reframed as: 

• Planning 

• Support and operation 

• Performance evaluation 

• Improvement 

All the above are driven by leadership and worker participation which receives a lot more focus in this standard perhaps due to the perception that serious health and safety failures in the past have been failures in leadership and failures to understand what really happens “on the job”.   

With our extensive knowledge of the standard, and an eye to the needs and benefits for your business, we can support you to build a robust, effective and compliant health and safety management system. 

In line most health and safety legislation, the standard is driven by hazard identification and risk assessments. Other than this, many of the key features are basically the same as other ISO management system standards in that they require you to manage things sensibly, so sensibly in fact that we challenge you to argue against having a system for any of the following: 

• Understanding and evaluating your legal obligations. 

• Planning what to do. 

• Setting objectives and doing something about them. 

• Ensuring sufficient resource, competence, awareness and communication. 

• Managing documentation. (Be honest. It has never looked after itself, has it?) 

• Safe operations, including all aspects of purchasing.  

• Management of change.  

• Emergency preparedness and response.  

• Internal audits, metrics, reviews and all the usual suspects that drive continual improvement.  

We can help you to document your HSMS in a way that meets the requirements of the standard but also works for you and how you actually operate. We can support you by identifying the gaps between where you are and where the standard needs you to be, and we can recommend changes and improvements to address them in a way that’s relevant for you and your team. We can work with you to implement and develop your system and can support you however much or little you need. We are here to help you to succeed, not only to meet the requirements of the standard, but to continue to develop and maintain your compliance as your business grows. 

Certification by an independent, accredited body is the best demonstration of your compliance to ISO 45001. Certification means that your system is scrutinised and verified on a scheduled basis through an external audit programme. It is an excellent way of confirming your application of your own system – to yourselves, to regulatory bodies and to your stakeholders. 

In the UK, certification to ISO 45001 should be undertaken through one of the certification bodies accredited by UKAS, the UK’s National Accreditation Body for certification, calibration, inspection and testing services. Only UKAS-accredited certification bodies are recognised by the UK Government and major purchasers, and they operate programmes for transition to the new revision of the standard, as well as for new clients. 

We can help you to choose a UKAS-accredited certification body and can support you through the certification process. We can help you however you need us to, whether by preparing documentation, training and mentoring, reviewing and auditing, or by working with you to develop and integrate your system beyond certification so that it always meets your needs as well as the requirements of the standard. 

Whether you are already certified to ISO 9001 and need to add ISO 45001, or you are just starting out on your ISO journey, the process towards certification requires planning, commitment, and resources. How much work is involved will depend on your current stage of development, the size of your organisation and the number of people involved. We will work closely with you to identify your gaps and synergies against the requirements of the standard, and to develop a workable action plan to achieve your certification in the most efficient way. Our effective project management and extensive know-how will support your schedule and budget with the resources tailored to help you at every stage. 

Whether you are integrating with ISO 9001 (quality), another Health and Safety standard, or coming to it completely fresh and new, there are requirements to define processes, maintain documented information and to communicate the importance of health and safety within your organisation.  

We can help you to update or build your system and document the requirements in the most effective ways. We don’t believe in producing a tome of paper that thuds onto the desk once a year when the auditor asks to see it. We want to create a tailor-made, usable, readable and (dare we say) useful HSMS that really does reduce your risks and demonstrate compliance.  

How long is a piece of string? 

You’re not a cookie-cutter company, so we don’t deal with cookie-cutter prices. But let’s talk about what makes up the cost of ISO certification: 

• Finding out where you’re starting from, where you need to be and how to get there. (GSAAP). 

• In house resources to manage and deliver the work plan. 

• External consultants to help with parts of the plan that are outside your skills and experience (or time). 

• Certification Body. 

• Maintenance of your certification. Not just polishing the frame. 

Depending on the size, scale and complexity of your organisation, you may need more or less consultancy time. We can work with you based on a specific number of days at an agreed rate, carefully scoped, fixed price work packages, or a combination of both to suit your budget. 

There is a difference between certification and accreditation. In the UK there is only one government approved accreditation body (UKAS). When your customers are asking to see your ISO certification, they expect to see the UKAS logo alongside the certification body’s logo. Without this, your customer may reject the certificate and you may find you've a costly exercise to undo the commercial damage, upgrade your system and put yourself through the certification process all over again. We can help you choose a UKAS accredited certification body to make sure you aren’t going to get any awkward questions later. 

We’ve been in this game a long time now and have developed a proven system of tackling the requirements of ISO certification with you. We begin with our Gap & Synergy Assessment with Action Plan (GSAAP for those acronym lovers) which shows us how close you already are to the standard requirements. We find, usually, that there are many more synergies than you’d expect - you’re running a successful business after all, aren’t you? 

This gives us a head-start when creating the HSMS and gives you the opportunity to get to know your consultant and confirm you enjoy working with us before embarking on the good ship certification. At this point you’re able to take the GSAAP and run, but of course we’d like to think you’d want to keep working with us to help you with the documentation (Stage 1) and implementation (Stage 2). 

We help share the load by reviewing what you create, or creating things for your review - business manuals, process maps, policies and procedures, etc. Once this is all done, there’s a desktop audit by the certification body to check all your documentation complies with the rigours of your chosen standard - and yes, we can be involved in this as your advocate, interpreter, translator or referee. Stage 1 is all about ‘saying what you do’ as a business. But you can’t just say what you do, you also need to ‘do what you say’. Stage 2 is all about those documents coming off the page and becoming a ‘real’ entity in your business. The burden of proof is on you to show that your system, as you’ve set out in Stage 1, is working as you say it should be. It takes time to gather this body of evidence, anywhere from 2-3 months, and this evidence can take various forms. Our role during Stage 2 is to provide training, mentoring, internal audits and management reviews to ensure your business is ready for the Stage 2 external audit. It’s entirely normal for a few ‘nonconformities’ to arise, especially at this stage, but we’ll be there to help you deal with them and make sure you get that recommendation for certification. 

At this point you’re able to take your new ISO Certificate, pat yourselves on the back for a job well done and send us on our merry way, happiness all round. However, we recommend you stick with us for this first year. Why? So we can help establish quarterly health checks to keep things ticking over. No one wants to be thrown into a full-blown panic 11 months down the line as the surveillance visit looms and you realise things have gotten a little wobbly. With us on board that little while longer, you can be sure that the gears are turning and the processes are followed so when the auditor returns, you’re armed and, if not dangerous, at least prepared.