In management system parlance a distinction is made between requirements and recommendations (guidance, best‐practice examples, etc.). ISO 45001's requirements are contained in Sections 4–10. Scope and definitions are provided in Sections 1 and 3. Section 2 is titled “normative references” as required by ISO's high‐level MSS. However, ISO 45001 states that “there are no normative references in this document.” ISO 45001's Annex A – “Guidance on the use of this document” – provides “explanatory information [with the intent] to prevent misinterpretation of the requirements contained in” the standard (43). As well, the Annex provides some guidance on interpretation of the requirements that can help with system development and implementation.
ISO 45001's introduction contains background information and rational for the standard, as well as the OHSMS approach in general. It provides the following description of an OHSMSs “aim” (§0.2):
“The purpose of an OH&S management system is to provide a framework for managing OH&S risks and opportunities. The aim and intended outcomes of the OH&S management system are to prevent work‐related injury and ill health to workers and to provide safe and healthy workplaces; consequently, it is critically important for the organization to eliminate hazards and minimize OH&S risks by taking effective preventive and protective measures.
When these measures are applied by the organization through its OH&S management system, they improve its OH&S performance. An OH&S management system can be more effective and efficient when taking early action to address opportunities for improvement of OH&S performance.
Implementing an OH&S management system conforming to this document enables an organization to manage its OH&S risks and improve its OH&S performance. An OH&S management system can assist an organization to fulfil its legal requirements and other requirements” (44).
Implementation success factors are identified in section §0.3 where it is stated that:
“…the implementation of an OH&S management system is a strategic and operational decision for an organization. The success of the OH&S management system depends on leadership, commitment and participation from all levels and functions of the organization” (44).
The plan‐do‐act‐check (PDCA) concept has been central to OHSMS since the earliest approaches. ISO 45001's Figure 1 (presented here as Figure 5) shows the relationship between PDCA and the standard's framework.
5.1 Scope (§1)
Every management system standard includes a scope that states and defines the area it covers. It is not uncommon for standard users to skip looking at the scope and go directly to its content – which is often thought of as “the auditable part.” However, it is important to consider the standard's scope before working with its content, especially if system certification will be pursued, or if an integrated (e.g. OH&S, environment, and quality) system is being developed.
ISO 45001's scope states: “this document specifies requirements for an Occupational Health & Safety (OH&S) management system, and gives guidance for its use, to enable organizations to provide safe and healthy workplaces by preventing work‐related injury and ill health as well as by proactively improving its OH&S performance” (46). An important point in the scope of this standard is that it “does not state specific criteria for OH&S performance, nor is it prescriptive about the design of an OH&S management system” (46). Rather, it points to achieving performance outcomes that are consistent with the OH&S policy. The importance of this is that it reflects the intent for the use of the standard as a risk management tool rather than as prescriptive instrument such as is found in governmental regulations.
FIGURE 5 Relationship between PDCA and ISO 45001 (45).
Source: International Organization for Standardization (14). Public Domain.
Determining the scope (or coverage) of an organization's OHSMS's is a critical first step in the development and implementation of its management system. These considerations include clarity on: operations covered by the OHSMS, such as a single plant, multiple ones, or corporate‐wide, and the activities covered. As determined by the organization, environmental, sustainability, or product safety can be added to the scope of the OHSMS, or visa‐versa, but integration is not a requirement of ISO 45001:2018. If an OHSMS's scope is expanded beyond OH&S, consideration should be given to potential complications if certification will be sought only for the OHSMS (e.g. 45001) component.
Guidance and requirements for determining the OHSMS's scope are provided in Section §4.3, where it states “the organization shall determine the boundaries and applicability of the OH&S management system to establish its scope. When determining this scope, the organization shall: consider the external and internal issues referred to in §4.1; take into account the requirements referred to in §4.2; and, take into account the planned or performed work‐related activities.” As well, the scope needs to “be available as documented information” (47).
5.2 Terms and Definitions (§3)
ISO 45001 references 37 terms and definitions. Key definitions include (48):
Worker (3.3) is defined as “person performing work or work‐related activities that are under the control of the organization.” In the evolution of OHSMS approaches, there has been movement toward this characterization (worker) versus using the term “employee” to reflect that there are contract and temporary workers, who are conducting activities with health and safety implications, that are under an organization's “control.” Note 2 for this definition indicates that workers include top management, as well as managerial and non‐managerial personnel.
Injury and ill health (3.18) is defined as “adverse effect on the physical, mental or cognitive condition of a person.” New here is the term “cognitive condition.” When implementing ISO 45001:2018, consideration should be given on how this term will be interpreted/defined.
Risk (3.20) is defined as “effect of uncertainty.” This is a generic definition used throughout ISO's MSS. It is meant to include direct risk to hazards as well as risks to the performance of the management system. To OH&S professionals, this at first seems like an odd definition since the common definition in OH&S is “combination of the likelihood of an occurrence of a hazardous event or exposure(s) and the severity of injury or ill health that can be caused by the event or exposure.” This more common definition is included in ISO 45001 as “OH&S risk” (3.21).
OH&S opportunity (3.22) is defined as “circumstance or set of circumstances that can lead to improvement of OH&S performance.” As indicated earlier, this is a relatively new distinction in MSs in general as well as OHSMSs. It reflects an evolution in OHSMS approaches to focus on only on risk‐related issues, but also to expand perspective and proactively look for, and act on, opportunities to OH&S improve performance.