ISO 45001-Global Standard for Occupational Health and Safety Management Systems: An Introduction with Chris Ward


ISO 45001 Image

If your career is related to occupational safety and health, there’s a good chance you’ve heard about the new ISO 45001 Global Standard for Safety and Health Management.

If you need to get up to speed on ISO 45001, we’re happy to announce we’ve got just the ticket for you: two interviews with Chris Ward, who played a big role in developing and publicizing the ISO 45001 standard.

In this interview, the first of two, Chris will give us an introduction to ISO 45001, answer some basic questions, and give us links to some resources for more information. In the second interview, to follow soon, Chris will share with us some tips for implementing ISO 45001.

We’d like to thank Chris for his work on the standard and for the time and knowledge he shared with us below. And on a side note, please feel free to download our free 10 Steps to Starting with Safety Management infographic.

And with that, let’s get learning more about ISO 45001.

You can watch the recorded video of the discussion below. If you’d prefer to read, we’ve typed up a transcript for you too–just click the MORE button for that.

Introducting ISO 45001

Let’s get right into our questions with Chris Ward about the ISO 45001 Standard for Occupational Safety and Health Management Systems.

Convergence Training: OK, hi everybody, and welcome. We’re really excited, we’ve got a great special guest today. We’ve got Chris Ward of IMS Global Standards, and Chris is going to be talking to us about ISO 45001, the new standard for safety management.

So enough of the intro. We’re really excited to have Chris, we appreciate his time, we think you’re going to learn a lot from him, and with that I’m going to turn it over to Chris.

Chris, hello, how are you today?

Chris: I’m fine, Jeff, thank you, and thank you for inviting me to this web conference. Yes, it’s a great day here in the UK, and we can look to the future, in the same way as 45001 is something for the future.

Convergence Training: Well said, fantastic. Let’s dive in, and before we start talking about 45001, maybe you could tell us a little about yourself. Who is Chris Ward and what is your relationship to 45001?

Chris: Yes, I’ve worked for the UK regulator Health and Safety Executive for almost 40 years. Near the end of my time there, I worked on developing management systems’ guidance for HSE publications and for use by HSE’s inspectors. I helped revise HSG 65 the go to HSE guidance for OHSMS. It’s used a widely around the world, many OH&S students will have been trained with it. It was the original POPMAR system (policy, organizing, planning, measuring, auditing, reviewing) the precursor to OHSAS 18001. And after leaving HSE, I started work with the developers of 45001 in 2013 when it was first originated in my role as member of British Standard’s committee for 18001 . I have been on that committee for ten years now.

And so in the early part of 45001, I attended and helped with some of the drafting, and I’ve kept an eye on it ever since, and started a LinkedIn group dedicated to 45001 which is now the world’s largest 45001 group.

What Is ISO 45001?

Convergence Training: Great. And that’s of course how I originally met you. OK, next question–this interview is to learn about what 450001 is, it’s an ISO standard, so I’ll ask it in two parts.

For those who don’t know, could you explain to people what ISO is, and then could you explain what ISO 45001 is?

Chris: Yes, ISO is the International Standard Organization. It’s a charitable institution which creates standards used throughout the world. These standards are voluntary, and they’re created and drafted by volunteers, and quite often these technical experts are members of the national standards bodies for countries.

There are there are over 22,000 published ISO standards, ranging from product to environmental standards, some people may be familiar with the 14001 standard.

And the organization is based in Switzerland, and quite often what happens is the national standards bodies for the particular countries–ANSI in the US; or BSI in the UK–will adopt the ISO standard to make it their own national standard, and in doing so, they have to keep the standard very much as it is, although there may be some individual variations to meet countries’ requirements.

Now, 45001 is the first global occupational health and safety management standard. In 2013, the delegates to ISO identified increasing pressures around the world to have a unified management system. The USA had their own, Australia had their own together with New Zealand, and Britain had 18001, which was being used increasingly around the world but wasn’t a truly global standard, and it needed to be reviewed to make it relevant to contemporary business.

So that’s the start of 45001, it began with about 40 nations or so in support, but by the end, when 45001 was adopted this year, there were almost 100 nations with active an interest in it.

Problems 45001 Is Intended to Solve

Convergence Training: Great. So you touched on already the fact that there are a lot of different national standards, none of which were coordinated, and that was one of the reasons to create 45001, to coordinate them.

But what kind of problems were people running into due to the fact that there was kind of an alphabet soup of standards and what’s the hope for 45001-what are the real benefits of having a single, consolidated, global standard?

Chris: The reservations about having a national standard in your country but not being relevant in other countries is that all the standards required different things. They may be made parochially for the different circumstances in whichever country it may be–the US, Australia, New Zealand, etc. And, because these were made at different times, they all had a different level of maturity. And through the 1990s and early 2000s, there was an increasing recognition that we needed to move away from a sort of “prevention” and detailed, prescriptive approach to one of objective setting, and this standard is really about objective setting, flexibility, and a risk-based approach.

The problem with prescription is that if the prescription misses an activity, the activity itself may be a high-risk activity. So if it’s not included in the standard, organizations will feel that they don’t need to do anything to close down that loophole in health and safety. So objective setting is a better way and setting high-level strategies and gaining the commitment of higher management was really something we had identified as being critical.

Application of 45001–Who Has to Use It?

Convergence Training: Great, good answer, and yet another move toward risk-based approaches in safety.

So if I’m a safety manager, and maybe this is entirely new to me, I’ve never heard of this before, is this mandatory to participate in this, or is it optional, and who does it really apply to?

Chris: Yes. International standards are purely voluntary, unless a nation wishes to integrate them and adopt them as their own statutory provisions. Now, that happened with 18001–it was the law in one particular country. But often, they are seen as guidance or as best practice. And, generally, what we’re saying is they wouldn’t become statutory provisions, although they can be referred to in civil and legal proceedings as being a methodology of identifying best practice.

The benefits, or the particular reasons the standard was introduced, was to accommodate the increasing globalization of business, and to make it relevant to modern businesses. This issue of globalization will start transcending national trade barriers, and companies have to work in increasingly different trading blocs. We’ve had plenty of examples of that in this last year, 2018. So a truly global standard can act as a route and passport through these trading barriers. Because if you’re a multi-national company with locations in different places you will be able to work to one standard, whether the headquarters is in Bermuda and manufacturing is in the US, and there’s another manufacturing plant in China, they can all work to the same standard. So there’s a very good economic and trading reason for having this global standard.

I think, though, that the standards makers weren’t thinking too much about that, they were thinking much more about what I touched on earlier, and that is to increase the focus on risk-based management of health and safety rather than risk prevention by middle managers. By that I mean they ensure that various protective measures are in place, using supervision, making sure people had on their PPE etc. to manage hazards. Whereas the standard needs higher-level management engagement with an emphasis on eliminating the hazards to avoid risk .

Also, another driver was that other standards, 9001 for Quality and 14001 for Environment, had increasingly shown that there was a demand for global standards. There are over one million organizations certified to 9001, and over 300,000 to 14001, and it made sense that health and safety should run alongside these, and to help that happen, was the development of something called Annex SL, and I’ll touch on that later, but those three standards are now integrated management standards, as is 27001 for Information Security.

There were about five or six drivers for this. One was the changing patterns of employment, increasing diversification and fragmentation, so that organizations were essentially not as large and as labor-intensive as they were in the traditional manufacturing and service industries. The national standards bodies were driving towards unification. There are increasing social expectations which require competent corporate governance. There are drivers from business, reputation management and environmental considerations. Together with the expense of civil litigation, there are increasingly both moral, ethical, and business drivers to having a better management systems.

18001 and existing national standards had these reservations and drawbacks. The standards’ makers considered that smaller, more fragmented organizations need to manage health and safety, and they needed guidance with flexibility, and a code to work to. The standard makers have tried to provide that flexibility by taking a risk based approach and reducing the need for documentation.

I think, Jeff, that’s seven or eight points, all of which were important, and they may impact different organizations in different ways, and probably the listeners and readers will be able to relate to some of those as being important to them.

Transitioning from 18001 to 45001

Convergence Training: Good answer, some things I hadn’t thought about before. Thank you. One thing you did mention, at least briefly I believe, is OHSAS 18001. I read some materials from you as well, discussing how 45001 is similar to and different than 18001. I wondered if you could speak to the difference between those two standards, and maybe give some words of wisdom for people who have been following 18001, how they should transition to 45001, or whether they should transition, or what they should be doing?

Chris: OK. Yes, 18001 was originally created in 2007 as an enhancement of BSI 8800:1996. Let’s talk about the reservations about 18001 and then the advantages of 45001.

The reservations were that it was not a risk-based approach, it was all about being reactive to circumstances. I won’t go into the detail or philosophy, but it was associated with prevention. It was a reactive approach, for instance it focussed on prevention of injury. Whereas the philosophy of 45001 is proactive, you look at risks and the opportunities to avoid a risk being present in the workplace. There is significant emphasis on identifying risks and opportunities and continual improvement to head off accidents.

That’s essentially one of the major differences. There’s also, in 45001, more emphasis on leadership by top management who have to accept accountability for OH&S performance. Also 18001 didn’t take into account the context of the organizations working environment, not only locally, but the macro aspect as well–that’s geographic, economic, statutory, the needs of interested parties and what’s happening in the particular sector that you organization is working in.

So, these will mean quite a bit, no doubt, to some of the readers and listeners, Jeff. The other key difference to make 45001 more flexible was to move away from documents, creating a manual and procedures approach to one of a process with more flexibility, especially with documented information. For instance, now documented information can be from any media, e.g. digital, so a cell phone photograph, a recording, data in the digital format is all acceptable in 45001, this just wasn’t so in 18001. 18001 led to creation of procedures manuals, which became its focus and attention of auditors. The new standard auditors will concentrate on performance both for OH&S but also of the OHSMS itself.

So those are the key differences, Jeff.

Now, so the other part of the question was, what do we suggest for those who have followed 18001. 18001 will be withdrawn, certificates will cease to be issued, in March, 2021. So there’s a three-year migration period. Now, any organization that’s gone through 18001, you’d expect will want to go to 45001. There might be a few that might want to drop out of the certification route. The protocol for transitioning and migration from 18001 to 45001 is International Accreditation Forum MD 21 Requirements for the Migration to ISO 45001 from OHSAS 18001. It has a step by step approach, beginning with understanding the requirements, carrying out a gap analysis to produce an implementation plan, deliver the implementation plan and undertake a management review. Ref MD-21 of the IAF.

So, what are 18001 organizations doing currently? Well, those organizations will be on an audit and certification cycle, and it depends on what part of that cycle they’re in now as to what actions they will take. But you would think that they will start considering how to start this migration, they should be thinking about that now, even though they may not yet start the process.

On the day the 45001 standard was published, there were (in the UK, at least) ten organizations registered (Certificated). They started the process before the standard was published. Many organizations are just biding their time a bit, because this will be a significant project for organizations. Like us all, we will be already trying to deliver on other programs, so it will take a while to build 45001 into a work programme. And the first step of which will be to convince top management that they need to do it, and secondly to make an assessment of how big the task will be through gap analysis.

Certification & 45001

Convergence Training: OK, good answer. Just a side comment here, I was talking with a guy, you may or may not know him, his name is David Metcalfe and he’s with Verdantix, they do a lot of work with companies in EHS, and he was mentioning that a lot of his clients were keeping an eye on 45001 and were planning on adopting and implementing eventually, to make that migration as well, just as you said, even if they haven’t jumped into the deep end just yet.

You talked about certification, and we’ve given a lot of background for 45001. I wonder now if you can give us some information about 45001, and in particular, if I have this right from you, three levels of certification, if you can explain those to the listeners.

Chris: Yes. There are three methodologies of an organization adopting and declaring that they are working to the standard. I put it that way. There are three levels of verification, and from level 1 through to level 2 and then level 3.

Level 3 is certification, and that is where an organization will be registered by a certification body, and that registration is the declaration or certificate that they can show that they conform to a standard, and this standard in particular. So that is level 3 certification, and it’s sometimes known as registration, and sometimes known as certification, depending on which country you’re in.

However, there are two levels below that, level 1 and level 2.

With level 1 verification, you can self-declare and self-verify adherence to and compliance to this standard by going through a process of internal audit, and if the audit is done thoroughly and acceptably to the organization, they can declare that they work to it. And I think that’s probably quite a big plus, especially for smaller organizations, or for those organizations that don’t want to go down the certification process, because that’s more expensive, because of employing outside people–not to say that the rigor is any greater, but there are others in the loop of your implementation. So with level 1 verification, it can be an internal audit, or you can employ an external auditor to go through the process with you. In either case, it isn’t registered or certified.

Level 2 is where a second party, or an outside body, will audit your system, and it’s often a client or a customer, so a supplier may audit their client, Or, it can be demand led through a contract specification from one of the organization’s clients requiring the supply organization to conform to 45001. And this is quite often the pressure from outside that pushes the organization to conform. So, this is an external audit from organization who may be a supplier or in the supply chain or a client who audits that organization. Now that is not accredited certification, but quite often you see these supply-chain quality systems developed by large organizations, and they will declare that all of their suppliers comply to their commercial or their corporate system. And that is increasingly important in global markets. You can see the pressures, particularly when you’ve got extended supply chains, global supply chains, it gives some assurance both from a business point of view but also an ethical point of view that the supply chain is conforming to the standards. These are very much in the news, we call it over here in the UK” slave labor” which are poor working conditions mainly in some of the developing countries. So 45001 will have a part to play to provide assurance of acceptable working conditions.

Just as an aside, Jeff, if we remember the 2013 Rana Plaza factory collapse in in Bangladesh, where many global brand clothing manufacturers had their garments manufactured. Since that happened over 200 clothing outlet organizations have now developed an Accord such that any supply from Bangladesh will have to meet minimum standards of employment, welfare, and safety. There is role for ISO 45001 to fulfill the demand to maintain good working conditions there and elsewhere in the world.

ISO 45001 & Similar Standards

Convergence Training: Gotcha. That was a terrible tragedy, but it’s nice to have a concrete example of how 45001 can fill a gap and make for safer workplaces.

One last specific question for you, Chris. Something you’ve hinted at a little bit. If you could give us a little more detail about this, and this will be the last question of this first of two webinars that you and I will be having (the other will be on implementing ISO 45001), you mentioned that ISO 45001 is similar to some ISO standards on Quality, on Environmental protection, and I didn’t know, also Security, that was new to me. And I wondered if you could explain how this new ISO 45001 standard is similar to those other standards, and what the benefits are of having all of those be similar?

Chris: Yes, you mentioned four integrated management standards, Jeff, and there’s a fifth, 22301, I think, it’s on business management continuity.

They all are framed or structured in a manner known as Annex SL, and that is a system where all those standards have the same clauses and headings. There are 10 clauses, and each of those standards has the same headings. And to quite a significant extent, the wording of the clauses are the same. What is different is the specificity within those clauses–9000, Quality; 14000, Environment; 27000, Security; and 22001, Food Safety Management.

So Annex SL provides that commonality, and we’re looking at some of the advantages now, because of that commonality, you can see the business case for avoiding duplication, but also reducing the intellectual effort that goes into trying to understand what each standard is trying to achieve. And so there are those advantages.

So you’ve got an organization that’s already adopting 9001, for instance, and there’s a million of them, you can see that they will also have to deal with Environment, without a doubt, and Health and Safety will come into their remit as well. So, you can see the advantages, looking at these management standards, because it will reduce duplication. Quite often, each standard will have its own specialist, that’s how the business operates, there will be a specialist in Quality, one in Environment, and so on, and they may even have their own processes and procedures, which again are separate–there’s a tunnel and chimney approach that you can help break down by using an integrated management standard.

Whatever the key benefit is, each of these standards needs top management to engage, each standard is a bidding for integrating the particular process into other business processes, so you get the top management team working together with a common aim, rather than, which quite often happens with organizations, is that each of these top managers are competing to defend their own particular disciplines. Here now is a good catalyst to get them to work together toward a common aim, health and safety in particular, but also equally to environment and quality.

So you’re going to reduce duplication, you will also have the flexibility of people within the organization being able to understand and contribute to their common purpose. Quite often, when different processes are in operation, e.g. production and safety, the workers at the point of delivery have to resolve these sometimes conflicting aims, “OK, so we’ve got something wrong with this machine, it’s going to be unsafe to use it, but we need to hit our production target, now which is more important to us? The quality, the environment, or is it health and safety? Which one are we going to sacrifice ?” And often it is safety which takes a lower priority to production. So there frequently mixed messages coming down from management. The move to integration will help clarify the priorities and the organizational values.

We can talk about some of the differences between those standards, certainly the areas where they will be different are the policies in each of those standards. For instance, the aims and objectives of quality and safety will not be the same. One of the common approaches to all the IMS standards is the assessment of risks and opportunities. The difference with 45001 is that it is risk and opportunities not only to the management system but also to the OH&S of people. There is therefore in ISO 45001 a wider application of risk than for instance ISO 9001.

And one of the other things organizations will be thinking about their compliance obligations. So Quality and Environment will focus on the specific compliance obligations and aiming to meet them. There may be little value to the organization in exceeding those minimum requirements. However, with OH&S those minimum statutory requirements will still leave workers and others injured and suffering ill health. So there is much to be gained from exceeding those minimum requirements, certainly from an ethical perspective.

No doubt those with 9001 and 14001 will argue perhaps that the same goes for their subjects too. I think because the statutory requirements of some countries are quite low, and even in advanced countries there are still gaps that I mentioned earlier because of their prescriptive approach, this Standard will make significant improvements to OH&S.

How to Learn More about 45001

Convergence Training: That’s a good answer. And that’s the last of my prepared questions for this interview. You and I thought of this interview as a way to introduce people to 45001, so task done. For people listening to or reading this interview, Chris has been nice enough to come back for a second interview on how to implement 45001. He has some tips for implementing 45001, so we look forward to that, that will be really valuable, and we thank Chris for that. Chris, before we take off, I mentioned you’re working on some materials, you told me this, that will help people get to know 45001 better, and you’ll have them on a website at some point soon, so again, people listening, know we will get those links to you and find a way to get those materials to you. Between now and then, though, Chris, is there a way for people learn more about 45001 and/or to get in touch with you to learn more about 45001?

Chris: Sure, Jeff, we have a website,, and there’s a lot of free information, downloads, and background information there, and we have several commercial products as well, for instance I have written a guide to the standard, we also have a combined gap analysis/implementation planner tool which is based on the Plan Do Check Act approach of the standard and as suggested by MD21. These products have been produced by those us who helped draft the standard.

So people are welcome to come along to our webpages or get involved in discussions in my Linkedin group.

And I look forward to the next webinar, Jeff. One of the things that’s going through my mind about organizations is to categorize them into A, B, and C lists, so we can talk about that a little bit more, who are the A-listers and who are the C-listers, and who are the also-rans for whom this standard is just not going to be for them.

Convergence Training: Alright, great, I look forward to that. Before we close down, I just want to thank you for your time. I came in thinking I knew the stuff we were going to talk about pretty well, and I have learned things I had no idea about today, so thank you very much for that. I want you thank you for the work you’ve done on the standard, which is appreciated and, I’ve been been working on an American National Standard, ANSI/ASSP Z490.2 for Online Safety Training, so I know it’s not easy, I can’t imagine what your job was like, so thank you for that. And I also want to call out and thank you, and this is a way for people to keep in touch and to follow Chris, Chris you did mention you have a LinkedIn group on the the ISO 45001 standard, and you do a lot of work sharing information and did a lot of work throughout the development of 45001, and that was one of the two best sources I found for keeping up to date on 45001. I caught a good seminar at an ASSE/ASSP national conference, and then your LinkedIn group, those were my two primary sites, so thank you very much for that and I recommend people check that LinkedIn group out. And again, that LinkedIn group helped me as well, because for my work on ANSI, so I’ve been not only learning from you but copying from you in releasing updates on the creation of the standard to the general reading public. So thank you very much and we hope everyone stays tuned for the second webinar about implementing 45001.

Chris: Thank you, Jeff, it’s been a pleasure.

Conclusion: ISO 45001, the Global Standard for Occupational Safety and Health Management

We hope you enjoyed this introduction to ISO 45001 and we encourage you to stay tuned for the second interview with Chris Ward, in which he’ll give some tips for implementing 45001.

Here’s the recorded video of this discussion.

Please use the comments section below if you’ve got any additional questions about 45001.


Free Download–Guide to Risk-Based Safety Management

Download this free guide to using risk management for your occupational safety and health management program.

Download Free Guide


Want to Know More?

Reach out and a Vector Solutions representative will respond back to help answer any questions you might have.