ISO 45001:2018
is the international standard for occupational health and safety management
systems. It replaced OHSAS 18001 in March 2021 (the migration deadline) and has
become the global benchmark for organisations that want to demonstrate
systematic, structured management of workplace health and safety. More than
400,000 organisations worldwide have adopted ISO 45001 or are in the process of
implementation, and the number grows every year as clients, regulators, and
insurers increasingly reference the standard as evidence of safety management
maturity.
Implementing
ISO 45001 is not a documentation exercise. It is a management transformation
that requires someone who understands both the standard's requirements and the
management competencies needed to translate those requirements into daily
practice. That someone is typically the safety manager, and the Certified
Health and Safety Manager (CHSM) from the American Institute of Safety
Professionals provides the management framework that maps directly onto ISO
45001's structure.
This guide
explains what ISO 45001 requires, how the CHSM's ten competency areas align
with the standard's clauses, what the safety manager's role is in the
implementation process, and why organisations that pursue ISO 45001 certification
need a CHSM-qualified safety manager to lead the effort.
What ISO 45001 Is and Why It Matters
ISO 45001 is a
management system standard. It does not prescribe specific safety rules (that
is the role of regulations like OSHA standards). Instead, it prescribes a
systematic framework for managing safety: how to identify hazards, assess
risks, set objectives, implement controls, measure performance, and drive
continuous improvement. The standard is based on the principle that a
well-managed safety programme produces better outcomes than an ad-hoc
collection of safety activities, regardless of the specific regulations that
apply.
The High-Level Structure (Annex SL)
ISO 45001
follows the High-Level Structure (HLS), also known as Annex SL, that is common
to all modern ISO management system standards. This means ISO 45001 shares the
same clause structure as ISO 9001 (quality management) and ISO 14001
(environmental management). The shared structure makes it easier for
organisations to integrate their safety, quality, and environmental management
systems into a single Integrated Management System (IMS), which is increasingly
the standard approach in industries like construction, manufacturing, and oil
and gas.
The ten clauses
of ISO 45001 are: Clause 1 (Scope), Clause 2 (Normative References), Clause 3
(Terms and Definitions), Clause 4 (Context of the Organisation), Clause 5
(Leadership and Worker Participation), Clause 6 (Planning), Clause 7 (Support),
Clause 8 (Operation), Clause 9 (Performance Evaluation), and Clause 10
(Improvement). Clauses 4 through 10 contain the "shall" requirements
that the organisation must meet for certification.
The PDCA Cycle
ISO 45001 is
built on the Plan-Do-Check-Act (PDCA) cycle, the fundamental management
improvement methodology that underpins all ISO management system standards.
Plan means establishing the OH&S objectives and the processes needed to
achieve them, based on the organisation's context, the needs of interested
parties, and the results of risk assessment. Do means implementing the planned
processes. Check means monitoring and measuring performance against the
objectives and reporting the results. Act means taking action to continually
improve OH&S performance based on what the monitoring and measurement
revealed.
The PDCA cycle
is not a one-time exercise. It is a continuous loop that drives ongoing
improvement. Every management review, every internal audit, every incident
investigation, and every corrective action feeds back into the cycle, refining
the system and improving performance over time. The CHSM programme teaches this
cyclical management approach as a core competency, which is why CHSM holders
understand ISO 45001 intuitively: the management framework is the same.
How the CHSM Maps to ISO 45001: Clause by Clause
The alignment
between the CHSM's ten competency areas and ISO 45001's clauses is not
coincidental. American Institute Of Safety Professionals designed the CHSM with management system principles embedded
throughout, ensuring that CHSM holders can lead ISO 45001 implementation with
confidence. Here is how each clause maps to CHSM content.
Clause 4: Context of the Organisation
ISO 45001
requires the organisation to understand internal and external issues that
affect OH&S (Clause 4.1), understand the needs and expectations of workers
and other interested parties (Clause 4.2), determine the scope of the OH&S
management system (Clause 4.3), and establish the OH&S management system
and its processes (Clause 4.4).
The CHSM's
safety management system design module covers exactly this: understanding the
organisational context in which the safety programme operates, identifying the
stakeholders whose needs the programme must address (workers, regulators,
clients, insurers, the community), defining the programme's scope, and
establishing the processes and documentation that make the system functional. A
CHSM holder approaching Clause 4 is applying competencies they have already
developed through the programme.
Clause 5: Leadership and Worker Participation
ISO 45001
requires top management to demonstrate leadership and commitment to the
OH&S management system (Clause 5.1), establish an OH&S policy (Clause
5.2), assign organisational roles, responsibilities, and authorities (Clause 5.3),
and ensure consultation and participation of workers (Clause 5.4).
The CHSM's
leadership and organisational influence module directly addresses these
requirements. The safety manager's role in ISO 45001 is to facilitate top
management's leadership commitment by making the business case for the
management system, presenting performance data that keeps leadership engaged,
and ensuring that the OH&S policy is not just a document on the wall but a
living statement that drives behaviour. The CHSM teaches safety managers how to
influence senior leadership, which is the practical skill behind Clause 5's
leadership requirements.
Worker
consultation and participation (Clause 5.4) is addressed through the CHSM's
safety culture module, which covers how to engage workers in safety
decision-making, how to build feedback mechanisms that capture worker input,
and how to create a culture where workers feel empowered to raise safety
concerns without fear of reprisal.
Clause 6: Planning
ISO 45001's
planning clause is one of the most substantive, covering hazard identification
and assessment of OH&S risks and opportunities (Clause 6.1.2),
determination of legal requirements and other requirements (Clause 6.1.3),
planning of actions to address risks and opportunities (Clause 6.1.4), OH&S
objectives and planning to achieve them (Clause 6.2), and planning of changes
(Clause 6.1.4, linking to management of change).
The CHSM's risk
management module covers the hazard identification and risk assessment
methodologies that Clause 6.1.2 requires: how to systematically identify
hazards across the organisation's activities, how to assess the likelihood and
severity of harm, how to evaluate opportunities for improvement, and how to
determine actions proportional to the risk. The CHSM's regulatory compliance
module covers Clause 6.1.3: how to identify applicable legal requirements (OSHA
standards, state regulations, international standards), how to maintain a
compliance register, and how to ensure the organisation meets its compliance obligations
continuously.
The
objective-setting process in Clause 6.2 is covered by the CHSM's performance
measurement module: how to set measurable safety objectives that are specific,
achievable, relevant, and time-bound, how to define leading and lagging indicators
to track progress, and how to allocate resources to achieve the objectives.
Clause 7: Support
ISO 45001
requires the organisation to determine and provide the resources needed for the
OH&S management system (Clause 7.1), ensure competence of workers (Clause
7.2), ensure awareness of the OH&S policy, objectives, and their
contribution (Clause 7.3), establish processes for communication (Clause 7.4),
and maintain documented information (Clause 7.5).
The CHSM's
budget and resource management module covers Clause 7.1: how to determine what
resources the safety programme needs and how to secure them through the
organisation's budgeting process. The training programme management module
covers Clauses 7.2 and 7.3: how to assess competence needs, design training
programmes to address gaps, and ensure workers are aware of their OH&S
roles and responsibilities. The documentation and communication aspects of
Clause 7 are covered throughout the CHSM programme as integral parts of
management system design.
Clause 8: Operation
ISO 45001
requires the organisation to plan, implement, control, and maintain processes
needed to meet OH&S management system requirements (Clause 8.1), including
elimination of hazards and reduction of OH&S risks using the hierarchy of
controls, management of change, procurement, and outsourcing. It also requires
emergency preparedness and response (Clause 8.2).
The CHSM's risk
management and safety management system design modules cover operational
planning and control: how to establish processes for managing hazards through
the hierarchy of controls (elimination, substitution, engineering controls,
administrative controls, PPE), how to manage change safely (a critical
requirement in industries like oil and gas and manufacturing where process
changes can introduce new hazards), and how to ensure that procurement and
contractor management do not introduce uncontrolled risks.
The CHSM's
emergency preparedness module covers Clause 8.2 comprehensively: how to
identify foreseeable emergency scenarios, develop response plans, conduct
drills, evaluate drill effectiveness, and maintain response capability.
Clause 9: Performance Evaluation
ISO 45001
requires the organisation to determine what needs to be monitored and measured,
the methods for monitoring and measurement, the criteria for evaluating
performance, and when monitoring and measurement shall be performed (Clause
9.1). It requires internal audit (Clause 9.2) and management review (Clause
9.3).
The CHSM's
performance measurement module is the most direct mapping to Clause 9. It
covers how to select leading and lagging indicators, how to establish
monitoring and measurement processes, how to analyse performance data to
identify trends and improvement opportunities, and how to present performance information
to management review. The CHSM also covers internal audit principles: how to
plan audits, conduct audits, report findings, and track corrective actions. For
safety managers who want deeper audit competency, American Institute Of Safety Professionals Safety Management System Evaluation course provides specialised audit methodology training.
Clause 10: Improvement
ISO 45001
requires the organisation to determine opportunities for improvement and
implement actions to achieve intended outcomes (Clause 10.1), manage incidents,
nonconformities, and corrective actions (Clause 10.2), and continually improve
the OH&S management system (Clause 10.3).
The CHSM's
incident investigation management module covers Clause 10.2: how to investigate
incidents and nonconformities, determine root causes using structured
methodologies (fault tree analysis, TapRooT, 5 Whys, Ishikawa), implement
corrective actions, and verify their effectiveness. The continuous improvement
philosophy that runs through the entire CHSM programme addresses Clause 10.3:
the PDCA cycle is not just a theoretical concept in the CHSM; it is the
management methodology that every module reinforces.
The Safety Manager's Role in ISO 45001 Implementation
When an
organisation decides to pursue ISO 45001 certification, the safety manager is
typically the management representative who leads the implementation project
from start to finish. The role involves multiple phases, each requiring
specific management competencies that the CHSM develops.
Phase 1: Gap Assessment
The
implementation begins with a gap assessment: comparing the organisation's
current safety management practices against ISO 45001's requirements to
identify what already meets the standard and what needs to be developed or
improved. The safety manager conducts this assessment using the standard's
clauses as the evaluation framework. The CHSM's knowledge of management system
design and performance evaluation provides the foundation for conducting a
thorough, structured gap assessment.
Phase 2: System Design and Documentation
Based on the
gap assessment, the safety manager designs the management system: defining the
processes, procedures, and documentation needed to meet the standard's
requirements. This includes developing the OH&S policy, defining
organisational roles and responsibilities, establishing hazard identification
and risk assessment processes, creating operational control procedures,
designing monitoring and measurement processes, establishing the internal audit
programme, and defining the management review process. The CHSM's management
system design module provides the framework for this phase.
Phase 3: Implementation
The safety
manager leads the implementation of the designed system: training workers and
managers on their roles, deploying new processes, establishing documentation
systems, and ensuring that the system operates as intended in the daily reality
of the workplace. This phase requires the leadership, communication, and
change-management skills that the CHSM's leadership module develops.
Implementation is where the system moves from paper to practice, and the safety
manager's ability to influence behaviour across the organisation determines
whether the system becomes a living management tool or a binder on a shelf.
Phase 4: Internal Audit and Management Review
Before the
external certification audit, the safety manager conducts one or more internal
audits to verify that the system meets ISO 45001's requirements and that the
system is being followed in practice. The results of the internal audit are
presented at a management review, where top management evaluates the system's
effectiveness and decides on improvement actions. The CHSM's performance
evaluation and leadership modules prepare the safety manager for both:
conducting rigorous audits and presenting results to senior leadership in a way
that drives commitment and action.
Phase 5: External Certification Audit
The external
certification audit is conducted in two stages by an accredited certification
body. Stage 1 is a documentation review: the auditor reviews the management
system documentation to confirm it addresses all ISO 45001 requirements. Stage
2 is an implementation audit: the auditor visits the workplace, interviews
workers and managers, observes processes in action, and verifies that the
system operates as documented. The safety manager coordinates both stages,
preparing the organisation, hosting the auditor, and managing any
nonconformities identified during the audit.
Phase 6: Ongoing Maintenance and Improvement
ISO 45001
certification is not a one-time achievement. It requires ongoing maintenance
through surveillance audits (typically annual), recertification audits
(typically every three years), continuous internal auditing, regular management
reviews, and ongoing improvement actions based on performance data, incident
investigation, and changing organisational context. The safety manager's role shifts
from implementation leader to system custodian, ensuring the system continues
to meet the standard's requirements and drives genuine improvement over time.
Why Organisations Pursue ISO 45001 Certification
Understanding
the drivers behind ISO 45001 adoption helps safety managers make the business
case for implementation, which is one of the most important management skills
the CHSM develops.
- Client and
contract requirements. Major project owners and clients increasingly
require their contractors and suppliers to hold ISO 45001 certification as a
condition of contract award. This is standard practice in construction (major
developers and government procurement bodies reference ISO 45001), oil and gas
(international operators require contractor ISO 45001 certification),
manufacturing (automotive OEMs require supply chain ISO 45001 certification),
and mining (major mining companies require contractor certification). For
organisations that sell to these clients, ISO 45001 certification is a business
necessity, not an optional extra.
- Regulatory
alignment. While ISO 45001 does not replace regulatory compliance (OSHA
standards still apply regardless of ISO certification), it provides a
systematic framework that supports compliance. Organisations with ISO 45001 systems
are better positioned to maintain compliance because the system's planning,
monitoring, and audit processes catch compliance gaps before regulators do.
Some regulators recognise ISO 45001 as evidence of due diligence, which can
influence enforcement decisions.
- Insurance
premium reduction. Insurance underwriters assess the quality of safety
management when calculating premiums. ISO 45001 certification demonstrates a
structured, audited management system that correlates with lower incident rates
and lower claims costs. The premium reduction can partially or fully offset the
cost of certification, creating a direct financial return.
- Competitive
advantage. In markets where ISO 45001 certification is not yet universal,
holding the certification differentiates the organisation from competitors. It
signals professionalism, commitment to worker safety, and management maturity
that clients, investors, and employees value.
- Genuine
safety improvement. Beyond the business case, ISO 45001's systematic
approach produces genuine safety improvement. The structured hazard
identification, risk assessment, performance measurement, and continuous
improvement cycle catches hazards that ad-hoc approaches miss, reduces
incidents over time, and creates a culture of proactive safety management.
Organisations that implement ISO 45001 authentically (not just for the
certificate) report measurable improvements in safety performance, worker
engagement, and operational efficiency.
CHSM Plus ISO 45001: The Career Advantage
Safety managers
who combine CHSM certification with demonstrated ISO 45001 implementation
experience hold one of the most valuable competency combinations in the
profession. The CHSM demonstrates management-level competency across all
aspects of safety management. ISO 45001 implementation experience demonstrates
the ability to apply that competency within the internationally recognised
management system framework. Together, they create a professional profile that
is in demand across every industry and every geography where ISO 45001 is
adopted.
Job postings
for safety managers increasingly reference ISO 45001: "experience with ISO
45001 implementation preferred," "knowledge of OH&S management
system standards required," or "lead auditor experience
desirable." The CHSM provides the management knowledge; your ISO 45001
implementation projects provide the practical experience. The combination makes
you a candidate that employers prioritise.
For safety
professionals who want to specialise in management system auditing, the CHSM
provides the management framework, American Institute Of Safety Professionals Safety Management System Evaluation
course provides the audit methodology, and the HSE Management System course
provides additional depth on integrated management system design.
The Integration Opportunity: ISO 45001 + ISO 14001 + ISO 9001
Because ISO
45001 shares the High-Level Structure with ISO 14001 (Environmental Management
Systems) and ISO 9001 (Quality Management Systems), many organisations
implement all three standards as an Integrated Management System (IMS). The
safety manager who understands the shared structure can lead or contribute to
IMS implementation, expanding their role from safety management to broader
organisational management.
The CHSM's
management system design module covers the principles that apply across all
three standards: context analysis, leadership commitment, risk-based thinking,
process approach, performance evaluation, and continual improvement. A CHSM
holder who leads ISO 45001 implementation is well-positioned to extend that competency
to ISO 14001 and ISO 9001, adding environmental and quality management to their
professional portfolio. This integration capability makes the safety manager
more valuable to the organisation and opens career paths beyond pure safety
management into broader operations management, quality management, and
organisational excellence roles.
Frequently Asked Questions
Does the CHSM include ISO 45001 lead auditor certification?
The CHSM covers
management system design, implementation, performance evaluation, and internal
audit principles as part of its comprehensive management curriculum. It does
not include a standalone lead auditor certification. For professionals who want
specialised audit competency, American Institute Of Safety Professionals Safety Management System Evaluation course
provides focused audit methodology training that complements the CHSM's
management framework.
Can I implement ISO 45001 with only the CHSM, or do I need additional
training?
The CHSM
provides the management framework that maps to ISO 45001's requirements. For
straightforward implementations in smaller organisations, the CHSM alone may be
sufficient. For complex implementations in large, multi-site, or high-risk
organisations, additional training in audit methodology and ISO 45001-specific
interpretation may be beneficial. The CHSM provides the management competency;
ISO 45001-specific courses add the standard-specific detail.
Is ISO 45001 certification mandatory?
ISO 45001
certification is voluntary. No regulation requires it. However, it is
increasingly a de facto requirement for organisations that want to win
contracts from major clients, reduce insurance premiums, and demonstrate safety
management maturity. The decision to pursue certification is a business
decision, not a regulatory obligation.
How long does ISO 45001 implementation take?
Implementation
timelines vary by organisation size and complexity. Small organisations with
existing safety programmes may achieve certification in 6 to 12 months. Large,
multi-site organisations may require 12 to 24 months. The safety manager's
competency in management system design (which the CHSM develops) is the single
biggest factor in implementation speed: a competent safety manager designs
efficient systems and avoids the over-documentation that slows many
implementations.
What is the difference between ISO 45001 and OHSAS 18001?
OHSAS 18001 was
the predecessor standard, replaced by ISO 45001 in 2018 with a migration deadline
of March 2021. Key differences include ISO 45001's adoption of the High-Level
Structure (enabling integration with ISO 9001 and 14001), stronger emphasis on
leadership and worker participation (Clause 5), inclusion of
"opportunities" alongside risks in planning (Clause 6), explicit
requirement for management of change, and stronger focus on organisational
context (Clause 4). Organisations previously certified to OHSAS 18001 have
migrated (or should have migrated) to ISO 45001.
Does ISO 45001 replace OSHA compliance?
No. ISO 45001
is a management system standard; OSHA standards are legal requirements. ISO
45001 Clause 6.1.3 explicitly requires the organisation to identify and comply
with applicable legal requirements, which includes OSHA standards. ISO 45001
provides the management framework; OSHA provides the regulatory requirements.
The two are complementary, not alternative. A CHSM-qualified safety manager
understands both.
ISO 45001 is
the global benchmark for safety management systems, and the organisations
adopting it need safety managers who can lead the implementation. The CHSM
provides the management competency that maps directly to ISO 45001's
requirements: system design, risk management, regulatory compliance,
performance measurement, leadership, and continuous improvement. If your career
involves implementing, maintaining, or auditing safety management systems, the
CHSM is the credential that demonstrates your readiness.
Register for free and start the CHSM programme today. ISO 45001 implementation starts with a
qualified safety manager, and the CHSM makes you that manager.
0 comments
No Comments