ISO 45001 Clauses Explained: What Each Requirement Actually Means

ISO 45001 follows the same ten-clause structure as ISO 9001 and ISO 14001, but the content behind those clause numbers is distinctly different. Clauses 1 through 3 are administrative - scope, normative references, and terms. The requirements that matter start at Clause 4 and run through Clause 10. If you've worked with other ISO management system standards, the structure will feel familiar. The substance won't - because 45001 is built around one idea the others aren't: that the people doing the work are the most important source of information about what can go wrong.

This walkthrough covers every requirement clause in plain language - what the standard is asking for, what it looks like in manufacturing and industrial operations, and where companies consistently get tripped up.

Clause 4: Context of the Organization

Clause 4 asks you to understand your organization's context before building your OH&S management system. Who are your interested parties - workers, contractors, regulators, customers, unions, neighboring communities? What do they need or expect regarding occupational health and safety? What internal and external issues affect your OH&S performance - workforce demographics, shift patterns, physical environment, regulatory landscape, industry incident trends?

This is also where you define your scope. What sites, activities, and workers does the system cover? A single-site manufacturer has a straightforward scope. A field services company with crews deployed across multiple customer sites in different states needs to think carefully about whether those remote locations are in or out - and the implications either way. Getting scope wrong at this stage creates audit problems later.

The output from Clause 4 is typically a documented scope statement and a list of interested parties with their OH&S needs. One thing auditors check that catches people off guard: worker expectations. Your interested parties list needs to include the workers themselves, not just regulators and customers.

Clause 5: Leadership and Worker Participation

This is where 45001 starts to diverge from other standards. Clause 5 has two distinct parts: leadership commitment (5.1-5.3) and worker participation (5.4). Most standards have leadership requirements. ISO 45001 is the only one that gives worker participation its own dedicated clause - and auditors treat it accordingly.

On the leadership side, Top Management has to demonstrate active commitment - not just sign an OH&S Policy and disappear. They need to ensure the system is integrated into business processes, provide resources, communicate why OH&S matters, and protect workers from reprisals when they report hazards or refuse unsafe work. That last point is explicit in the standard and auditors ask about it.

The OH&S Policy (5.2) needs commitments to providing safe and healthy working conditions, eliminating hazards and reducing risks, compliance with legal requirements, and Continual Improvement. It also needs to include a commitment to consultation and participation of workers - the standard makes you put this in writing at the policy level.

Clause 5.4 - worker consultation and participation - is where most companies have the biggest gap. Having a safety committee isn't enough. The standard requires that non-managerial workers are consulted on determining interested parties, establishing the OH&S Policy, assigning roles, and identifying training needs. They must participate in determining hazard identification mechanisms, investigating incidents, and establishing OH&S objectives. This isn't optional. An auditor will ask your floor workers whether they've been involved, and if the answer is a blank stare, that's a finding.

Clause 6: Planning

Clause 6 is where the real safety work begins. It covers three areas: actions to address risks and opportunities (6.1), OH&S objectives (6.2), and planning for changes (6.3).

Clause 6.1 includes hazard identification (6.1.2), which is arguably the most important requirement in the entire standard. Your process for identifying hazards must be proactive and ongoing - not a one-time exercise. It needs to consider how work is organized, routine and non-routine activities, past incidents, potential emergencies, all people who access the workplace including contractors and visitors, and changes or proposed changes to operations. Don't overlook psychosocial hazards either - ISO 45001 Annex A explicitly includes workplace stress, fatigue, bullying, and workplace violence as hazards that need to be identified and assessed alongside physical ones. The standard doesn't prescribe a specific tool - a risk assessment register, job hazard analyses, or a combination can work depending on your operation's complexity. What matters is that the process is systematic, documented, and actually used to drive controls. Keep it proportionate to your risk profile.

Risk assessment (6.1.2.2) and determining legal requirements (6.1.3) round out the planning clause. You need to identify which OH&S regulations apply to your operations, maintain access to current requirements, and determine how they apply. For companies operating across multiple jurisdictions - particularly field services organizations working in different states or provinces - this is a significant ongoing effort.

OH&S objectives (6.2) need to be measurable, monitored, communicated, and updated. 'Improve safety' isn't an objective. 'Reduce recordable incidents by 20% by year-end through enhanced near-miss reporting and monthly safety walks' is. Set objectives you can actually track with data you already collect or can realistically start collecting.

Clause 7: Support

Clause 7 covers the infrastructure your OH&S system needs: resources (7.1), competence (7.2), awareness (7.3), communication (7.4), and documented information (7.5).

Competence requirements in 45001 carry particular weight because incompetence in OH&S has life-altering consequences. Workers performing tasks that could affect OH&S performance must be competent through education, training, or experience. This is especially critical for roles like crane operators, confined space entrants, electrical workers, and anyone managing hazardous energy. A sign-in sheet doesn't prove competence - practical demonstration does.

Awareness (7.3) requires that all workers understand the OH&S Policy, know about relevant hazards and risks, understand their right to remove themselves from work situations they believe present an imminent danger, and know how to report concerns without fear of reprisal. That right-to-refuse language is unique to 45001 and auditors specifically check that workers are aware of it.

Communication (7.4) must cover both internal and external channels. Internally, workers need to know how to report hazards, near misses, and incidents. Externally, you need processes for communicating with regulators, contractors, and emergency services. Documentation requirements follow the same pattern as other ISO standards - create and maintain what the standard requires, control it, and make sure people are working from current versions.

Clause 8: Operation

Clause 8 turns planning into action. Operational planning and control (8.1) means implementing the controls identified through your hazard identification and risk assessment process. This includes establishing and implementing controls using the hierarchy of controls - elimination, substitution, engineering controls, administrative controls, and PPE, in that order. The hierarchy isn't a suggestion. Auditors expect to see evidence that you considered higher-level controls before defaulting to PPE and procedures.

Management of change (8.1.3) requires you to control planned and unplanned changes that affect OH&S performance - new processes, new chemicals, organizational changes, equipment modifications, changes in legal requirements. Many companies have change management for quality but don't extend it to safety implications.

Procurement (8.1.4) covers contractor management, outsourcing, and purchasing. If contractors work on your site, their OH&S performance is your responsibility under the standard. You need to coordinate activities, communicate hazards, and verify competence. This is one of the most common audit findings - companies bring in contractors without adequate orientation, hazard communication, or competence verification.

Emergency preparedness (8.2) requires identifying potential emergencies, establishing response procedures, testing them periodically, and learning from both drills and actual events. For manufacturing, this covers chemical spills, equipment failures, fires, medical emergencies, and natural disasters. For field services, add vehicle incidents, remote site emergencies, and weather events. You need evidence of drills, not just a plan in a binder.

Clause 9: Performance Evaluation

Clause 9.1 requires monitoring, measurement, analysis, and evaluation. What are you measuring to know if your OH&S performance is improving? Leading indicators (safety walks, near-miss reports, training completion) tell you if your system is working. Lagging indicators (injury rates, lost time, TRIR) tell you if it isn't. The standard expects both. You also need to evaluate compliance with legal requirements on a planned basis - not just assume you're compliant because nobody has been cited.

Internal Audit (9.2) should cover the full OH&S management system at planned intervals. Auditors who only check documentation miss the point. Your audit program needs to get out of the conference room and verify that hazard controls are actually implemented on the floor, that workers understand emergency procedures, and that near-miss reports are being investigated - not just filed.

Management Review (9.3) brings leadership back into the picture with a structured review of OH&S performance. Required inputs include audit results, compliance evaluation results, worker consultation and participation feedback, incident and Nonconformity trends, and progress toward objectives. The output should be decisions about resources, objectives, and system changes - not just a sign-off. If your Management Review minutes look the same every quarter, you're probably not reviewing deeply enough.

Clause 10: Improvement

Clause 10.1 covers incident investigation, Nonconformity, and Corrective Action. When something goes wrong - an incident, a near miss, a Nonconformity identified in an audit - the standard requires you to react, investigate the Root Cause, take Corrective Action, and verify effectiveness. The emphasis on Root Cause Analysis separates effective programs from ones that just address symptoms. If a worker gets injured because a guard was removed, the Root Cause isn't 'guard was removed.' It's why it was removed, why nobody noticed, and what systemic failure allowed it.

Continual Improvement (10.3) connects everything. Your hazard identification surfaces risks. Your objectives drive improvement targets. Your monitoring tells you how you're doing. Your audits verify the system works. Your Management Reviews make decisions. Your incident investigations and Corrective Actions close gaps. When all of these work together, you have a genuine OH&S management system - not just documentation that satisfies an auditor.

What Makes 45001 Different

If you've worked with ISO 9001 or ISO 14001, the structure of 45001 is familiar. The substance is different in three critical ways. First, worker participation isn't a nice-to-have - it's woven into almost every clause. Second, the hierarchy of controls is explicit and auditors expect to see it applied. Third, the stakes are fundamentally different. A quality Nonconformity might mean a defective product. An environmental Nonconformity might mean a fine. An OH&S failure can mean someone doesn't go home. That reality shapes how auditors approach the standard, and it should shape how you implement it.

If you're implementing ISO 45001 or preparing for a Certification Audit and want a practical assessment of where your system stands, we offer a free initial consultation to help you figure out the gaps and what to prioritize. You can also try our free ISO 45001 Gap Analysis tool for a quick preliminary self-assessment.