ISO 45001 vs OHSAS 18001

If your organization still operates under OHSAS 18001 or is considering implementing a formal occupational health and safety management system, this article is essential reading.

OHSAS 18001 was officially withdrawn in 2021, replaced entirely by ISO 45001:2018.

The transition is not just an administrative update.

ISO 45001 represents a fundamental rethinking of how organizations approach occupational health and safety, moving from a reactive, compliance-driven model to a proactive, risk-based approach that integrates safety into the core of business strategy.

Here’s what changed, why it matters, and how to prepare.

OHSAS 18001 (Occupational Health and Safety Assessment Series) was the internationally recognized standard for occupational health and safety management systems from 1999 to 2021.

It provided a framework for:

• Identifying and controlling health and safety risks
• Reducing the potential for accidents
• Supporting legal compliance
• Improving overall performance

While OHSAS 18001 was a significant step forward in its time, it had important limitations:

• Primarily focused on hazard control and compliance
• Did not require integration with the overall business strategy
• Limited emphasis on worker participation
• Did not explicitly address the supply chain   and contractor safety
• No requirement to consider the needs of interested parties beyond employees

ISO 45001:2018 is the first truly international standard for occupational health and safety management systems, developed by ISO technical committee ISO/TC 283.

It follows the High-Level Structure (HLS), the same framework used by ISO 9001 and ISO 14001, making the integration of management systems significantly easier.

The 6 most significant changes from OHSAS 18001:

1. Context of the organization (new in ISO 45001)

Organizations must now identify internal and external factors that affect their OH&S performance, including regulatory requirements, supply chain relationships, and organizational culture.

2. Leadership and worker participation (significantly strengthened)

ISO 45001 places explicit responsibility on top management, not just the safety department. Worker participation is now mandatory, not optional.

3. Risk and opportunity thinking (new approach)

OHSAS 18001 focused on hazard identification and risk control.

ISO 45001 goes further, requiring organizations to identify and act on opportunities to improve OH&S performance, not just control risks.

4. Procurement and contractors (significantly expanded)

ISO 45001 explicitly requires organizations to manage the OH&S risks associated with contractors, outsourced processes, and supply chain partners.

5. Emergency preparedness (strengthened)

More rigorous requirements for planning, testing, and reviewing emergency procedures.

6. Performance evaluation (more structured)

Clearer requirements for monitoring, measurement, analysis, and evaluation of OH&S performance, including management review.

Beyond compliance, the shift to ISO 45001 has real business implications:

Legal protection:

ISO 45001 certification demonstrates due diligence in meeting occupational health and safety obligations.

In the event of a serious incident, certification provides documented evidence of a systematic approach to risk management.

Customer and tender requirements:

Increasingly, major industrial customers and public procurement processes require ISO 45001 certification as a prerequisite for qualification.

Insurance benefits:

Many insurers offer reduced premiums for ISO 45001 certification, reflecting the lower risk profile of certified organizations.

Workforce engagement and retention:

A certified safety management system signals to current and prospective employees that their well-being is taken seriously, a significant factor in attracting and retaining talent in competitive labor markets.

Integration with ISO 9001 and ISO 14001:

The common High-Level Structure enables organizations with multiple certifications to integrate their management systems into a single, more efficient framework.

Step 1: Gap analysis

Conduct a structured comparison of your current OHSAS 18001 system against ISO 45001 requirements.

Identify the gaps, particularly around context, leadership, worker participation, and procurement.

Step 2: Update your hazard identification process

ISO 45001 requires a more comprehensive approach to hazard identification, including changes in work organization, psychosocial factors, and contractor activities.

Step 3: Engage top management

Obtain explicit commitment from senior leadership, not just the safety department.

ISO 45001 auditors will interview top management directly to verify their understanding and involvement.

Step 4: Establish worker participation mechanisms

Create formal channels for worker consultation on OH&S matters, safety committees, improvement idea systems, regular safety briefings.

Step 5: Update documentation

Revise your OH&S policy, objectives, procedures, and records to reflect ISO 45001 requirements.

Step 6: Train your internal audit team

Internal auditors must understand the ISO 45001 structure and audit against its specific requirements.

Step 7: Conduct an internal audit and management review

Before certification, conduct at least one complete internal audit cycle and management review against ISO 45001 requirements.

Step 8: Certification audit

Engage an accredited certification body for your Stage 1 (documentation review) and Stage 2 (implementation audit) assessments.

I guide organizations through the complete ISO 45001 transition, from gap analysis to certification, with practical, hands-on coaching that prepares your team for sustainable compliance, not just audit success.

Let’s discuss your current situation.