What is ISO 45001? The Complete Guide to Occupational Health & Safety Management Systems

Find out more about what ISO 45001 is and how it can benefit you

Introduction

Every year, hundreds of thousands of workers across the UK are injured or made ill by their work. ISO 45001 exists to change that, giving businesses a best practice framework to manage Health & Safety risks in a structured, consistent, and continuously improving way.

ISO 45001 is the internationally recognised Standard for Occupational Health & Safety Management Systems (OHSMS). It gives organisations of any size a structured, proven approach to identifying and reducing workplace risks and creating safer working environments – helping prevent injury and ill health while protecting people, productivity, and business performance.

Published by the International Organisation for Standardisation (ISO) in 2018, it replaced the widely-used OHSAS 18001 Standard, bringing Health & Safety management in line with the same high-level structure used by ISO 9001 and ISO 14001. That alignment matters: if you already hold one of those certifications, adding ISO 45001 is more straightforward than you might expect.

For UK businesses, ISO 45001 sits alongside the Health and Safety at Work Act 1974 and Health and Safety Executive (HSE) expectations. It doesn’t replace your legal obligations. It gives you the framework to help meet them properly and consistently.


ISO 45001 at a glance

  • Standard: ISO 45001:2018
  • Focus: Occupational Health & Safety Management Systems (OHSMS)
  • Replaces: OHSAS 18001
  • Structure: 10 clauses (clauses 4 to 10 contain the mandatory requirements)
  • Framework: Built on the PDCA (Plan-Do-Check-Act) cycle
  • Certification: Yes, issued by accredited certification bodies
  • Review cycle: Surveillance audits annually
  • Who it’s for: Any organisation with employees, regardless of size or sector

What is ISO 45001?

The meaning of ISO 45001 is straightforward: it is the internationally recognised ISO Standard for managing occupational Health & Safety. In practice, it’s a tried-and-tested framework for building a safer, healthier business. Rather than leaving Health & Safety management to chance, it gives you a clear roadmap: identify the risks, put the right controls in place, and keep improving so that your workplace gets safer over time.

The ISO 45001 Standard doesn’t prescribe exactly how you run your operations. Instead, it gives you the tools to run them more safely. ISO 45001 is:

  • Applicable to any organisation, regardless of sector or risk level
  • Flexible enough for a 5-person SME and robust enough for a multinational
  • Centred on preventing harm and improving worker wellbeing

A quick timeline

  • 1999: OHSAS 18001 published, the predecessor Standard for occupational Health & Safety management
  • 2007: OHSAS 18001 revised and updated
  • 2018: ISO 45001 published, replacing OHSAS 18001
  • 2021: Migration deadline passed, all OHSAS 18001 certificates expired
  • Now: ISO 45001:2018 is the globally recognised Standard for occupational Health & Safety management

UK sector examples

  • Construction: Manages site hazards, supports CDM compliance, and is required on most public sector frameworks
  • Manufacturing: Controls machinery risks, manual handling, and chemical exposure in a documented, auditable way
  • Logistics and transport: Addresses driver safety, vehicle operations, and lone working across dispersed teams
  • Healthcare and social care: Manages infection control, lone working, and staff wellbeing in high-pressure environments
  • Professional services: Covers stress, ergonomics, and mental wellbeing, often overlooked but firmly within scope

What is an Occupational Health & Safety Management System (OHSMS)?

An Occupational Health & Safety Management System is a documented, systematic approach to managing Health & Safety risks in your workplace. Rather than reacting to incidents after they happen, an OHSMS helps you identify hazards, assess risks, and put controls in place before anything goes wrong.

At its core, an OHSMS helps your organisation to:

  • Identify hazards before they become incidents
  • Assess and control risks in a consistent, documented way
  • Meet your legal obligations under UK Health & Safety legislation
  • Involve your workers in Health & Safety decisions
  • Continually improve your overall Health & Safety performance

Take a construction company as an example. Without a structured system, Health & Safety relies on individual supervisors, ad hoc checklists, and reactive fixes after near misses. With an ISO 45001-aligned OHSMS in place, that same business has clear procedures, defined responsibilities, regular audits, and documented evidence, all working together to keep people safe and the business legally protected.

Who needs ISO 45001?

You don’t have to run a high-risk operation to benefit from ISO 45001. In fact, that’s one of the reasons it’s so widely adopted. ISO 45001 applies to any organisation with employees, regardless of size, sector, or how hazardous the day-to-day work is.

You might need ISO 45001 if:

  • You’re bidding for public sector contracts. Many public sector frameworks, particularly in construction, facilities management, and local government supply chains, require ISO 45001 as a condition of tender.
  • You’re part of a supply chain that demands it. Principal contractors and large buyers increasingly expect ISO 45001 from their suppliers, particularly in construction, engineering, and manufacturing.
  • You operate in a high-risk environment. Construction, manufacturing, logistics, and utilities businesses often find ISO 45001 is expected rather than optional.
  • You want to demonstrate duty of care. Certification gives you documented, independently verified evidence that your Health & Safety management is robust.
  • You’re an SME looking to grow. ISO 45001 builds the structure and credibility that opens doors to larger contracts and new clients.
  • You want to reduce incidents, costs, and downtime. Even without external pressure, a structured OHSMS drives real operational improvement.

Whether it’s a client requirement or a proactive investment in your people, ISO 45001 delivers measurable returns across organisations of every size.

Core framework: The PDCA cycle

ISO 45001 is built on the Plan-Do-Check-Act (PDCA) cycle, a continuous improvement model used across all major ISO Standards. It’s what makes the Standard practical and repeatable, not a one-off compliance exercise.

Here’s how it applies to Health & Safety:

Plan (Clause 6)

Identify your Health & Safety hazards and risks. Assess what could go wrong and how likely it is. Set measurable objectives. Define who is responsible and what needs to happen. This is where strong risk assessments, legal compliance reviews, and operational planning take place.

Do (Clause 8)

Put your plans into action. Implement controls, define operational procedures, manage contractors and visitors, and prepare your emergency response. This is the day-to-day running of your OHSMS.

Check (Clause 9)

Monitor and measure your performance against your objectives. Conduct internal audits. Review incident data, near misses, and legal compliance. Hold a formal Management Review to assess whether the system is working.

Act (Clause 10)

Respond to what you find. Investigate incidents. Correct non-conformances. Identify opportunities to improve. Feed those improvements back into the Plan stage and the cycle begins again.

This is what transforms ISO 45001 from a static document into a living system that gets stronger with every cycle.

Why the PDCA cycle matters for UK businesses

ISO 45001’s PDCA framework directly supports compliance with the Health and Safety at Work Act 1974 and the Management of Health and Safety at Work Regulations 1999, which require employers to assess risks and put appropriate controls in place.

The 10 Clauses of ISO 45001

ISO 45001 follows a High-Level Structure (HLS), sometimes referred to as Annex SL, which is the same framework used by ISO 9001, ISO 14001, and ISO 27001. This shared structure makes it easier to integrate multiple Standards and means that if you already hold one ISO certification, the logic will feel immediately familiar.

Clauses 1 to 3 are introductory and definitional. The real substance, and what auditors focus on, sits in Clauses 4 through 10.

Clause | Title | What it covers
1 | Scope | What the Standard applies to and its intended outcomes
2 | Normative references | Referenced documents and Standards
3 | Terms and definitions | Key terminology used throughout the Standard
4 | Context of the Organisation | Understanding your business, stakeholders, and the scope of your OHSMS
5 | Leadership and worker participation | Management commitment, roles, responsibilities, and worker involvement
6 | Planning | Hazard identification, risk assessment, legal compliance, objectives and plans
7 | Support | Resources, competence, awareness, communication, documented information
8 | Operation | Operational controls, emergency planning, contractor and visitor management
9 | Performance evaluation | Monitoring, measurement, internal audits, Management Review
10 | Improvement | Incident investigation, non-conformance management, continual improvement

Clause checklists

Clause 4 – Context of the Organisation

  • Identify internal and external factors that affect your ability to achieve your Health & Safety outcomes
  • Understand what workers, clients, regulators, and other stakeholders need and expect
  • Define the scope of your OHSMS, covering which sites, activities, and workers it includes
  • Document and review your context analysis regularly

Clause 5 – Leadership and Worker Participation

  • Develop, communicate, and embed a Health & Safety policy
  • Assign clear Health & Safety roles and responsibilities across the leadership team
  • Demonstrate active leadership commitment, not just sign-off
  • Create accessible channels for workers to raise concerns, report hazards, and contribute to decisions
  • Ensure workers are consulted on changes that affect their Health & Safety

Clause 6 – Planning

  • Identify hazards across all activities, locations, and work types, including remote and lone workers (Clause 6.1.2)
  • Assess risks and opportunities and document how you will address them
  • Establish a register of legal and other Health & Safety obligations and keep it current (Clause 6.1.3)
  • Set measurable Health & Safety objectives and create plans to achieve them (Clause 6.2)
  • Integrate Health & Safety planning into broader business planning

Clause 7 – Support

  • Ensure staff are competent and trained for their Health & Safety responsibilities
  • Maintain appropriate infrastructure and a safe working environment
  • Establish clear processes for internal and external Health & Safety communication
  • Create and maintain documented information, including policies, procedures, and records, that is accessible and up to date

Clause 8 – Operation

  • Define operational controls for all significant hazards
  • Manage contractors, visitors, and outsourced activities within your OHSMS
  • Plan and test your emergency preparedness and response procedures
  • Document processes clearly so controls are applied consistently

Clause 9 – Performance Evaluation

  • Monitor Health & Safety performance against your objectives and legal requirements
  • Investigate incidents and near misses and track corrective actions through to completion
  • Conduct internal audits at planned intervals and follow up on findings
  • Hold regular Management Reviews with leadership to assess overall OHSMS performance

Clause 10 – Improvement

  • Establish a process for managing non-conformances and corrective actions
  • Investigate incidents thoroughly, including root cause analysis
  • Track improvement initiatives and assess their effectiveness
  • Use every audit cycle to strengthen your OHSMS, not just maintain it

Benefits of ISO 45001 Certification

Implementing ISO 45001 is more than a Health & Safety exercise. It's a business decision with measurable returns.

Fewer workplace incidents and lower costs

A structured OHSMS identifies hazards before they become accidents. Fewer incidents means less disruption, lower insurance costs, fewer compensation claims, and less time lost to investigation and downtime. 80% of Citation ISO Certification clients say they’re less likely to have a Health & Safety incident as a result of having ISO 45001.

Stronger legal compliance

ISO 45001 aligns directly with the Health and Safety at Work Act 1974 and HSE expectations. A certified OHSMS demonstrates that your business takes its legal obligations seriously and gives you documented evidence if you ever face enforcement action or a claim.

Win more tenders

ISO 45001 is increasingly required for public sector contracts, construction frameworks, and large supply chain programmes. Many pre-qualification questionnaires (PQQs) now ask for it directly. Among Citation ISO Certification clients, 94% say having ISO certification has helped them win a tender.

Better employee engagement and wellbeing

ISO 45001 places significant emphasis on worker participation. When employees are involved in Health & Safety decisions, they're more engaged, more vigilant, and more likely to raise concerns early. 76% of Citation ISO Certification clients say their certification has helped them build a more productive, happy, and safe workplace.

Improved business reputation

Certification signals that your business takes its responsibilities seriously. That matters to clients, supply chain partners, and increasingly to potential employees. People want to work for organisations that look after their people.

Continuous improvement built in

The PDCA cycle means your OHSMS doesn't stand still. Each audit cycle strengthens the system, closing gaps and building on what's working.

ISO 45001 certification process

Getting certified can feel daunting. With the right support, it’s a clear, structured process and one that many UK businesses complete within three months.

How to get ISO 45001 certified: A step-by-step guide

Step 1

Gap analysis (1 to 2 weeks)

Assess where your current Health & Safety arrangements sit against ISO 45001 requirements. This identifies what’s already in place and what needs to be developed or documented.

Tip: At Citation ISO Certification, we do this with you: a guided gap analysis that highlights quick wins and pinpoints exactly what needs to change.

Step 2

System design and documentation (2 to 6 weeks depending on complexity)

Build or update your OHSMS to meet the Standard’s requirements. This includes your Health & Safety policy, risk assessment processes, procedures, objectives, and records, all tailored to your organisation and your activities.

Common outputs include: Health & Safety policy, risk assessment register, legal compliance register, objectives and plans, operational procedures, and competence records.

Tip: With Citation ISO Certification, you’re not building this alone. Our consultants create your management system for you, using tailored templates hosted in our Atlas platform.

Step 3

Implementation (runs alongside or after Step 2)

Put your system into practice. Train your team, communicate roles and responsibilities, and start generating the records that demonstrate your system is working in practice, not just on paper.

Step 4

Internal audit (1 to 2 weeks)

Conduct an internal audit to assess whether your OHSMS meets ISO 45001 requirements and to identify any gaps before the certification audit. It can be conducted by a trained member of your team or with external support.

Tip: Treat this as a practice run. Finding things to fix here is normal, and far better than finding them in the certification audit.

Step 5

Management Review (runs alongside or after the internal audit)

A formal review by your leadership team to assess overall OHSMS performance. This is a key ISO requirement that’s often underestimated. Your leadership team should review audit findings, incident trends, objectives progress, legal compliance, and any changes that affect the OHSMS.

Step 6

Certification audit (2 to 3 weeks including both stages)

Your chosen certification body conducts a two-stage audit:

  • Stage 1: A documentation review. The auditor checks your policies, procedures, and readiness.
  • Stage 2: A full on-site assessment. The auditor evaluates how effectively your OHSMS is operating in practice.

Once you pass, you receive your ISO 45001 certificate.

Tip: Choose an accredited certification body. Citation ISO Certification is ASCB-accredited, which is accepted by the vast majority of UK tenders and supply chains. If a specific tender requests UKAS accreditation, always check whether ASCB certification is acceptable.

Implementation checklist

  • Draft or review your Health & Safety policy
  • Define the scope of your OHSMS
  • Conduct hazard identification and risk assessment
  • Establish your legal compliance register
  • Set measurable Health & Safety objectives
  • Define operational controls and procedures
  • Train key staff on the OHSMS
  • Establish monitoring and performance review processes
  • Conduct internal audit and Management Review
  • Prepare for external audit

How long does it take?

Most organisations achieve ISO 45001 certification within 3 to 6 months, depending on the size and complexity of the business and how much is already in place. With expert support, Citation ISO Certification clients can often achieve certification in as little as 45 days.

What does it cost?

ISO 45001 costs vary depending on business size, complexity, number of sites, and how much support you need. Use our ISO fee calculator to get a tailored quote for your organisation.

How Citation ISO Certification helps you get certified

We’re with you every step of the way, from your first conversation with one of our ISO specialists right through to certification and beyond.

Here’s what that looks like in practice:

  • We build your management system for you, using tailored templates hosted in our Atlas platform
  • We guide you through every stage, from gap analysis to certification audit
  • We keep it simple, with jargon-free advice and practical support so you can focus on running your business
  • We’re ASCB-accredited, so our certifications are accepted across the vast majority of UK public sector and private sector tenders

Looking ahead: ISO 45003 and the future of Health & Safety management

ISO 45001 focuses on physical and occupational Health & Safety risks. But as workplace wellbeing evolves, psychological Health & Safety is increasingly in focus too.

ISO 45003, published in 2021, is the companion guidance document that addresses psychosocial risks at work: stress, burnout, harassment, and mental health. It’s designed to be used alongside ISO 45001 and can be implemented as an Integrated Management System (IMS).

For UK businesses operating in high-pressure environments or with a growing focus on employee wellbeing, adding ISO 45003 to an existing ISO 45001 system is a natural next step and an increasingly valued signal to clients and talent alike.


Common Questions

About ISO 45001

ISO 45001 is an international Standard that gives organisations a structured framework for managing workplace Health & Safety. It helps you identify risks, put controls in place, meet your legal obligations, and continually improve your approach to keeping people safe.

The purpose of ISO 45001 is to prevent work-related injury and illness and to provide safe and healthy workplaces. It does this by giving organisations a systematic approach to identifying hazards, managing risks, and improving Health & Safety performance over time, not just reacting to incidents after they occur.

Any organisation with employees can benefit from ISO 45001. It applies to businesses of all sizes and sectors. It’s increasingly required for public sector contracts, construction frameworks, and large supply chains, but it’s also valuable for any business looking to manage its Health & Safety responsibilities in a structured, verifiable way.

No. ISO 45001 is not a legal requirement. However, the Health & Safety obligations it supports, under the Health and Safety at Work Act 1974 and associated regulations, are. ISO 45001 is one of the most effective ways to demonstrate you’re meeting those obligations. It’s also increasingly required as a condition of tender by public sector bodies and large private sector clients.

Fewer workplace incidents, stronger legal compliance, improved employee wellbeing and engagement, better tender success rates, lower insurance and incident costs, enhanced business reputation, and a framework for continuous improvement that gets stronger year on year.

The PDCA cycle (Plan, Do, Check, Act) is the continuous improvement model that underpins ISO 45001. You Plan by identifying risks and setting objectives; Do by implementing controls and procedures; Check by monitoring performance and conducting audits; and Act by addressing findings and improving the system. The cycle repeats, making your OHSMS progressively stronger with each iteration.

ISO 45001 is structured around 10 clauses: (1) Scope, (2) Normative references, (3) Terms and definitions, (4) Context of the organisation, (5) Leadership and worker participation, (6) Planning, (7) Support, (8) Operation, (9) Performance evaluation, and (10) Improvement. Clauses 4 to 10 contain the practical requirements your management system must meet.

OHSAS 18001 was the predecessor Standard, widely used before ISO 45001 was published in 2018. ISO 45001 replaced it entirely and all OHSAS 18001 certificates expired in 2021. ISO 45001 introduced stronger requirements around worker participation, leadership commitment, and the integration of Health & Safety into overall business strategy. It also shares the High-Level Structure with ISO 9001 and ISO 14001, making integration much easier.

ISO 9001 focuses on quality management, delivering consistent products and services that meet customer requirements. ISO 45001 focuses on Health & Safety, preventing workplace harm and protecting your people. Both follow the same High-Level Structure, so they integrate cleanly. Many UK businesses hold both as part of an Integrated Management System.