Back to Articles

Hazard Identification Under ISO 45001: Choosing the Right Tools for Each Situation

ISO 45001

By Trenton Steadman

9 min read|
Hazard Identification Under ISO 45001: Choosing the Right Tools for Each Situation

Most companies have multiple hazard assessment tools but no clarity on when to use which one. A practical three-tier framework for organizing hazard identification under ISO 45001.

Many industrial services and manufacturing company running an ISO 45001 implementation hit the same wall with hazard identification: too many tools, not enough clarity about which one to use when. A field services company I worked with had inherited a Safe Work Method Statement template, a set of draft Job Hazard Analyses that had never been finalized, and Field Level Hazard Assessments that the crews filled out daily. Three tools, three different formats, and supervisors picking whichever form was closest to what they needed. When new managers from US operations joined the team and saw the SWMS, they looked at colleagues like another language was being spoken. "That's our formal hazard assessment. Why don't you just call it that?"

That confusion is more common than you might think. Companies acquire tools from different sources - a parent company overseas, an industry contact with a template, a client requirement - and end up with a patchwork that nobody fully understands. ISO 45001 Clause 6.1.2 requires you to establish a process for hazard identification that's proactive and ongoing, but it doesn't prescribe specific tools. That flexibility is intentional, but it means you need to make deliberate choices about which tools serve which purpose.

What the Standard Actually Requires

Clause 6.1.2.1 lists what your hazard identification process must consider. It's a broad mandate:

  • How work is organized and social factors (workload, hours, harassment, bullying)

  • Routine and non-routine activities and situations

  • Past incidents (internal and external) and their causes

  • Potential emergency situations

  • People - including those with access to the workplace who aren't employees (contractors, visitors)

  • Changes or proposed changes in the organization, operations, or processes

  • Changes in knowledge about hazards

Often no single tool covers all of that well. That's why most companies end up with multiple assessment methods. The question isn't whether you need different tools - it's how to organize them so each one has a clear purpose and the right people know when to use it.

A Three-Tier Framework That Works

The most practical approach I've used across large manufacturing and field service operations organizes hazard assessment into three tiers, each answering a different question:

Tier 1 - Position-Level Hazard Assessment. This is the big-picture view. You identify every position in your organization, map the typical tasks each role performs, and use risk criteria to determine which tasks need a deeper dive. Think of it as the inventory: what positions do we have, what do those people do, and where are the higher-risk activities? This top-level document satisfies auditor expectations for comprehensive coverage and feeds directly into your Tier 2 work. If you're starting from scratch, a Gap Analysis can help identify which positions and activities carry the most risk. It gets reviewed annually or when roles change significantly.

Tier 2 - Task-Based Job Hazard Analyses (JHAs). These are formal, detailed assessments for specific higher-risk tasks identified in Tier 1. A JHA for "overhead crane operation" breaks down the sequence of steps, identifies hazards at each step (struck-by, pinch points, dropped loads), documents controls using the hierarchy of controls, and includes a risk rating both before and after controls are applied. JHAs get developed once for recurring task types, loaded into whatever system your teams use in the field, and reviewed when conditions or procedures change. Workers need proper training to understand and apply the JHA effectively. This is where the real hazard identification depth lives.

Tier 3 - Field Level Hazard Assessments (FLHAs). These are the quick, site-specific assessments workers complete before starting a task on a given day. The FLHA answers one question: what's different about today? Weather changed, new crew members, unfamiliar equipment on site, work happening overhead - the conditions that no pre-written JHA can predict. At that field services company, FLHAs were the one tool everybody already did well. One page, five minutes, done before the crew picks up a wrench. If the FLHA surfaces a hazard they can't control, they stop and escalate.

When to Use Which Tier

The breakthrough for that field services company came when we mapped each tier to a simple question:

  • "What are all the ways people could get hurt in this role?" - That's your Tier 1 position-level assessment. Done at the organizational level, reviewed in Management Review, updated when you add roles or change operations.

  • "How do we do this specific high-risk task safely every time?" - That's your Tier 2 JHA. Developed by people who understand both the work and the risks, reviewed by the workers who actually perform the task, and available in the field when the crew needs it.

  • "What's different about today?" - That's your Tier 3 FLHA. Completed by the worker doing the work, right before they start, at the actual location. Variable conditions, site-specific hazards, things that change day to day.

Once you frame it that way, the tool selection becomes obvious. A formal hazard register doesn't help a field worker assess a customer site they've never visited. An FLHA doesn't capture the systemic risks of a recurring manufacturing process. Each tier has a job. Confusion happens when companies try to use one tool for everything or can't articulate which tool serves which purpose.

A Note on Terminology

If you've encountered terms like SWMS (Safe Work Method Statement), JSA (Job Safety Analysis), or formal hazard assessment and aren't sure how they relate - you're not alone. The terminology varies by region and industry. SWMS is common in Australia and parts of Canada. JHA and JSA are more typical in the US. "Formal hazard assessment" is used broadly in Canadian COR programs. They're all trying to do the same thing: systematically identify hazards and controls for specific work activities.

What matters isn't what you call it. What matters is that your team knows what each tool is for, when to use it, and where to find it. If you're inheriting tools from a parent company or client that use unfamiliar terminology, rename them. The standard doesn't care what the form is called - it cares that the process works and that workers actually use it.

Common Mistakes

Over-engineering the FLHA. If your FLHA takes longer to fill out than the task itself, nobody's going to use it. I see this constantly - a three-page form with 40 checkboxes that takes 20 minutes to complete. Workers either rush through it without thinking or skip it entirely. One page. Five minutes. The goal is awareness, not documentation theater.

Never updating the Tier 1 assessment. Companies build a comprehensive position-level hazard assessment during implementation, file it, and never touch it again until the next audit. When a Near Miss reveals a hazard you hadn't identified, it should flow back up to the relevant tier. When you add a role or change a process, the position-level assessment needs updating. It's a living document.

Building JHAs without worker input. A JHA written entirely by the safety coordinator in an office misses the realities of the work. The workers who perform the tasks know which hazards are real, which controls are actually used, and which procedures get worked around. This is fundamental to building a real safety culture. ISO 45001 Clause 5.4 requires worker participation in hazard identification for exactly this reason. Have field crews validate the JHAs before you finalize them.

Confusing hazards with risks. A hazard is something with the potential to cause harm - a rotating machine part, a chemical, working at height. A risk is the combination of the likelihood of exposure and the severity of the resulting harm. I've seen companies rate everything as "high risk" because they conflated "this could kill someone" (hazard severity) with "this will probably kill someone" (actual risk after controls). Getting this distinction right up front saves you from over-engineering controls on minor hazards or under-assessing serious ones.

Getting Your Tools Organized

If you're starting from scratch or cleaning up a system that evolved without a clear plan, here's where to focus:

  • Inventory your existing tools. List every form, checklist, template, and register your company uses for hazard identification. Include anything inherited from parent companies, client requirements, or regulatory programs. You probably have more than you think.

  • Assign each tool to a tier. Which question does it answer - role-level coverage, task-specific hazards, or daily site conditions? If two tools answer the same question, consolidate. If no tool covers a tier, that's your gap.

  • Standardize the terminology. If your team uses three different names for the same type of assessment, pick one and stick with it. Use terms your workers actually recognize - not what a template from another country calls it.

  • Get worker input on what actually works. The safety coordinator's opinion of the JHA template matters less than the field crew's. If they're not using a tool, find out why before redesigning it.

  • Test it with a real scenario. Pick a recent Near Miss or incident and trace it through your tiered system. Did the existing tools catch the hazard? At which tier should it have been identified? If the system missed it, where did it break down?

What Auditors Look For

During a certification audit, the auditor will want to see:

  • A defined process for hazard identification (not just a list of hazards, but how you identify them)

  • Evidence that the process is proactive and ongoing, not a one-time exercise

  • Coverage of the Clause 6.1.2.1 considerations (routine/non-routine, contractors, emergencies, etc.)

  • Worker involvement in hazard identification activities

  • Evidence that identified hazards led to risk assessment and, where needed, controls

  • Records showing the process is maintained and updated when things change

The auditor isn't looking for perfection - they're looking for a system that works and gets used. A clear three-tier approach with defined purpose for each tool, evidence of worker participation, and assessments that get updated will satisfy the requirement far better than an elaborate system that exists only on paper.

If you're building your hazard identification process or trying to untangle a patchwork of inherited tools, we offer a free initial consultation to help you evaluate what's working and what needs restructuring.

Share this article:

LinkedInX-AppFacebook

Related Articles

iso-img
ISO 45001 Training Requirements: What the Standard Actually Says

Complete guide to ISO 45001 training requirements covering competence vs awareness, training matrices, and practical implementation strategies for occupational health and safety management systems....

iso-img
Worker Participation and Consultation: ISO 45001's Most Overlooked Requirement

ISO 45001 Clause 5.4 requires genuine worker participation, not just a safety committee. Practical mechanisms including Gemba Walks, huddles, and consultation....

iso-img
Contractor Safety Management Under ISO 45001

Learn how to implement effective contractor safety management under ISO 45001. Covers pre-qualification, on-site controls, communication, and practical implementation strategies....

Contact

Free initial consultation.

Phone

+1 833 I-GET-ISO+1 833 443 8476

Business Hours

Monday - Friday: 9:00 AM - 6:00 PM
Saturday: 10:00 AM - 2:00 PM
Sunday: Closed
(Central Time, UTC-6)