ISO 45002:2023 guidelines for the implementation of ISO 45001:2018

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 283, Occupational health and safety management.
Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.
Introduction
An organization is responsible for the occupational health and safety (OH&S) of its workers. This responsibility includes promoting and protecting their physical and mental health. The organization is also responsible for taking steps to protect others who can be affected by its activities. This is best achieved through an OH&S management system.
The purpose of an OH&S management system is to provide a framework for managing OH&S risks and opportunities, and for managing risks and opportunities to the management system itself. The intended outcomes of the OH&S management system are to continually improve the OH&S performance, to fulfil legal requirements and other requirements, and to achieve the OH&S objectives.
This document gives guidance on how to implement the requirements in ISO 45001:2018 in any type of organization and should be used in conjunction with ISO 45001:2018. Where ISO 45001:2018 states what needs to be done, this document expands on that and gives guidance, including real-life cases, on how it can be done. A complement to this general guidance is a handbook, see Reference [2].
The intention of ISO 45001:2018 is to enable organizations to protect all workers from injury and ill health, regardless of individual characteristics. This document provides additional guidance on how to ensure the specific needs of individuals and groups of workers are addressed, recognizing that a generic approach to OH&S management can lead to the needs of different genders, age and minority groups not being fully addressed.
Many requirements of ISO 45001:2018 contain terms such as “as appropriate”, “as applicable” or “relevant”. These terms signal that the organization should determine whether and how the requirement pertains to the organization, taking into account its conditions, processes or context. In this document, the meaning of these terms is as follows:
— “as appropriate” means suitable or proper in the circumstances and implies some degree of freedom, i.e. it is up to the organization to decide what to do;
— “as applicable” means possible to apply and implies that if it can be done, it should be done;
— “relevant” means directed and connected to the subject, i.e. pertinent.
The OH&S management system approach applied in this document is founded on the concept of Plan-Do-Check-Act (PDCA). The PDCA concept is an iterative process used by organizations to achieve continual improvement. It can be applied to an OH&S management system and to each of its individual elements, as follows:
a) Plan: determine and assess OH&S risks, OH&S opportunities and other risks and other opportunities that can influence the intended outcomes of the OH&S management system and establish OH&S objectives and processes necessary to deliver results in accordance with the organization’s OH&S policy.
b) Do: implement the processes as planned.
c) Check: monitor and measure activities and processes with regard to the OH&S policy and OH&S objectives and report the results.
d) Act: take actions to continually improve the OH&S performance to achieve the intended outcomes.
The PDCA concept and relationship to this document is shown in Figure 1.
Figure 1 — Relationship between PDCA and the framework in this document

NOTE The numbers given in brackets refer to the clause numbers in this document.

1 Scope
This document gives guidance on the establishment, implementation, maintenance and continual improvement of an occupational health and safety (OH&S) management system that can help organizations conform to ISO 45001:2018.
NOTE 1 While the guidance in this document is consistent with the ISO 45001:2018 OH&S management system model, it is not intended to provide interpretations of the requirements in ISO 45001.

NOTE 2 The use of the term “should” in this document does not weaken any of the requirements in ISO 45001:2018 or add new requirements.

NOTE 3 For most of the clauses in this document, there are real-life cases on how different types of organizations have implemented the requirements. These are not intended to suggest the only or best way to do this, but to describe one way this was done by an organization.

2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 45001:2018, Occupational health and safety management systems — Requirements with guidance for use 

 
viewpoint
New Standards
Quick Links