Policy Requirements in ISO 45001

Worker wearing PPE equipment for Safety reasons

A key component of any management system is the policy; it is a high level document that should be used to guide the organisation in its operation, as well as keep them on track to meet and exceed their goals.

Some elements of a policy are the same across all disciplines – they should always reflect the individual organisation, they should be communicated and documented, and they should include a commitment to continual improvement. Other requirements will vary – a quality policy should include a commitment to meet and exceed customer expectations, an environmental policy should include a commitment to the prevention of pollution, and an OHS policy should include a commitment to eliminate work-related illness and injury… or should it?

With ISO 45001 just around the corner, we thought we’d take the time to have a look at the new policy requirements in detail.

Note: This article was originally posted on Exemplar Global’s The Auditor Online.

Previously, both AS/NZS 4801:2001 and OHSAS 18001:2007 prescribed similar requirements for their OH&S policies. Each had to provide the framework for setting and reviewing objectives and include commitments to fulfil an organisation’s legal and other requirements, as well as to either minimise or eliminate work-related illness and injury.In some respects, ISO 45001’s policy requirements are very familiar – it still has to be documented, communicated and available, include a commitment to satisfy applicable legal and other requirements, and set the framework for the organisation’s objectives. The commitment to either the elimination or minimization of work-related illness and injury is maintained too, though slightly reworded and refocused. However, one change that is coming relates to two new commitments that are required. The first is to include a commitment to eliminate hazards (in a previous draft, this commitment was to the use of the hierarchy of control when controlling OH&S risks); the other is to include a commitment to consultation and participation of workers, and where they exist, workers’ representatives.

In Australia, workers’ consultation and participation and the elimination of hazards are both items that we do well, and have done well for a while; so the inclusion of these commitments in the policy may seem a little odd. One thing to remember, though, is that this is our first truly international OH&S standard, so these inclusions may well be quite a surprise for some of our overseas friends. Australia is very lucky to have the Health and Safety legislation that it has, and we need to remember that not everyone has done Safety as well as us for as long as we have. The use of the hierarchy of control and consultation with the workforce will be very new concepts for some organisations around the globe.

ISO 45001’s new wording relating to the minimization/elimination of work-related illness and injury is as follows:

Top management shall establish, implement and maintain an OH&S policy that includes a commitment to provide safe and healthy working conditions for the prevention of work-related injury and/or ill health and is appropriate to the purpose, the size and context of the organisation and to the specific nature of its OH&S risks and OH&S opportunities.

Through this, you can see that there will be a large focus on ensuring that an organisation’s policy is suitable and tailored. Gone are the days when someone in an organisation could do a quick google search, then substitute their name on another company’s policy and adopt it word for word.  Additionally, in lieu of the specific commitment to eliminate (AS/NZS 4801) or minimize (OHSAS 18001) work-related illness and injury, 45001 will require a commitment to provide safe and healthy working conditions – a broader and more realistic aim for a lot of organisations.

Provided that your current policy is reflective of your own organisation’s needs, there shouldn’t be too much that you’ll have to change upon the release of ISO 45001. You may just need to add some commitments to things that you’re already required to do. If, however, your current OHS policy does not reflect your own needs, you’ve got a far way to go – and arguably shouldn’t have been certified to begin with.


Please note, this blog is based on the current draft of ISO 45001, ISO/DIS 45001.2:2017. The draft is subject to change at any time prior to its formal release as an international standard, currently expected in February of 2018.


Leave a Reply

Your email address will not be published.

“Well structured content, fantastic presentation by Miguel and loads learnt. The ISO 27001 training is helping me understand my clients’ needs better and make useful recommendations. Moreover, this was so much fun – thanks team!”

“Overall very valuable course. Balance of theory with practical workshops was excellent. Trainers stuck to timetable very well.”

To be honest, I wasn’t really looking forward to the training and wasn’t too sure what to expect. It turned out to be quite enjoyable and a really great experience which I put down to the facilitators, Pat and Tom and the group. Both Pat and Tom shared their breadth of knowledge and experiences and were really engaging.

“Great presentation of the course, engaging facilitators and good use of group work. I found the course to be a great refresher for an audit course I did 10 years ago and now feel more motivated to go audits in a non-bow tie way!”

“Trainers’ knowledge was excellent, their knowledge made the training and learning easy.”