Product & Regulatory

ISO 45001 — safer work, proven by system.

A health and safety management system that replaces checklist compliance with risk-based control, worker consultation, and leadership ownership of outcomes.

Request a readiness assessment Our approach

What it is

An occupational health and safety management-system standard.

ISO 45001 is the first ISO standard for occupational health and safety management. It replaced the earlier OHSAS 18001 framework and aligns safety management with the same high-level structure used by ISO 9001 and 14001 — making integrated management systems substantially easier.

The standard shifts emphasis from reactive hazard control towards proactive risk-based thinking and explicit worker participation. The certificate is independent evidence that the system exists, that leadership is accountable for its performance, and that the workforce has a meaningful voice in how safety is run.

Who needs it

Operations where safety failures cost people, licences, or contracts.

Manufacturing, construction, oil and gas, logistics, mining, heavy engineering, and chemical processing are the core adoption sectors. Service firms with field operations — installation, maintenance, hospitality — increasingly pursue certification as their client contracts require demonstrable OH&S management. Where regulation has historically driven safety activity, ISO 45001 helps organisations move from "we met the inspection" to "we run a system".

Benefits

What a well-built BIFMA system earns you.

Lower incident rates.

A well-run risk control process identifies hazards earlier, escalates near-misses honestly, and makes corrective action a habit rather than an event.

Regulatory defensibility.

Documented risk assessments, training records, and consultation evidence give the organisation a strong position in the event of regulatory inspection or litigation.

Contractual eligibility.

Principal contractors, EPC clients, and international buyers often require ISO 45001 or equivalent as a condition of working on site.

Worker voice.

The standard mandates consultation and participation of workers — not just management representatives. Done properly, this changes the safety culture, not just the paperwork.

Insurance and financing.

Insurers and lenders increasingly price risk on the quality of an organisation's safety management system rather than purely on its incident history.

Integration ready.

The shared high-level structure with ISO 9001 and 14001 makes an integrated QMS-EMS-OH&S programme the most economical path when two or more are required.

Requirements, in outline

What the standard actually asks of you.

Clause 4 requires the organisation to understand its context and the needs of interested parties — including workers and their representatives — and to define the scope of the OH&S management system. Clause 5 places leadership at the centre: top management must demonstrate accountability for the prevention of work-related injury and ill health. Worker participation and consultation must be actively supported, not merely permitted.

Clause 6 covers hazard identification, assessment of OH&S risks and opportunities, determination of legal and other requirements, and OH&S objectives. Clause 7 addresses resources, competence, awareness, communication, and documented information. Clause 8 drives operational planning and control, including management of change, procurement, contractors, outsourcing, and — critically — emergency preparedness and response. Clause 9 covers performance evaluation; Clause 10 covers incident response, non-conformity, corrective action, and continual improvement.

Our approach

Five stages, from discovery to certificate.

OH&S scoping

Walk the operations, review incident history and legal registers, and interview worker representatives to baseline where the current system stands against the standard.

Risk & legal register

Workshop-driven hazard identification and risk assessment with the teams who actually do the work. Legal register built with a health and safety lawyer where jurisdictionally useful.

Controls & training

Operational controls for high-risk activities, contractor management, permit-to-work, emergency response. Training matrix aligned to competence requirements per role.

Internal audit & drills

Full internal audit, emergency drills, and management review conducted to the depth a certification auditor will apply at Stage 2.

Certification audit

Attendance at Stage 1 and Stage 2, findings response coaching, and support through the first surveillance audit.

Timeline & investment

Honest ranges, not placeholder pricing.

A single-site industrial operation typically reaches Stage 2 in ten to sixteen weeks from engagement start. Construction and field-services businesses often take longer — not because the standard is harder, but because evidence has to be gathered across distributed project sites and contractors.

Fees depend on site count, hazard complexity, and whether internal audits are delivered by our team or by yours. We quote after the initial gap analysis. Certification body audit fees are separate and billed directly by the body.

Frequently asked

Questions we answer on most BIFMA calls.

OHSAS 18001 was withdrawn in 2021. Any current certificate is under ISO 45001 by now; if yours is not, you have a gap that needs addressing urgently. Migration planning is a common first engagement.

Meaningfully deep. Auditors look for evidence that workers — not just supervisors — have been consulted on hazard identification, risk assessment, incident investigation, and the design of the system. Rubber-stamp committees do not pass.

Yes, but the scope on the certificate must be unambiguous. Selective scoping that excludes higher-risk operations can undermine the credibility of the certificate with customers and insurers.

The standard uses "incident" as an umbrella that includes injury, ill health, and near-misses. Investigation depth is expected to match severity and potential, not actual outcome.

Yes, where contractors work on your premises or under your direction. Clause 8 explicitly addresses procurement, contractors, and outsourced work. Failing to manage contractors is one of the most common findings at certification.

Related services

Get a readiness assessment for ISO 45001.

Half a day with a senior consultant, a clause-level gap report, and a candid timeline. No commitment beyond the assessment itself.

Request assessment