Target Keywords: ISO 45001 safety policy, OHS policy ISO 45001 Word Count: ~2,500 Schema: FAQPage
How to Write an ISO 45001 Safety Policy
If you're building an occupational health and safety management system (OHSMS) around ISO 45001, your safety policy is the single most important document you'll write. It sets the tone for everything that follows — your objectives, your procedures, your culture. Get it wrong, and your entire system sits on a shaky foundation. Get it right, and you have a living document that actually drives organizational behavior.
This guide walks you through exactly what ISO 45001 requires in a safety policy, how to write one that satisfies auditors, and — more importantly — how to write one that actually works.
What Is an ISO 45001 Safety Policy?
An ISO 45001 safety policy (also called an OHS policy under the standard) is a formal, documented statement from top management that declares the organization's commitments to occupational health and safety. It's not a procedural document. It doesn't describe how you manage safety — it declares why your organization takes safety seriously and what you commit to doing about it.
Think of it as your organization's safety constitution. Everything in your OHSMS — your risk assessments, your objectives, your corrective actions — should be traceable back to the commitments made in this document.
The ISO 45001 safety policy is required by Clause 5.2 of the standard. It falls under Section 5 (Leadership and Commitment), which is intentional. ISO 45001 is explicit: safety leadership starts at the top, and the policy is top management's signed commitment to the people doing the work.
Why the Safety Policy Matters More Than You Think
Many organizations treat their ISO 45001 safety policy as a checkbox — something to write once, laminate, hang on the wall, and forget. That's a costly mistake. Auditors can spot a hollow policy from a mile away, and more importantly, workers can too.
A meaningful OHS policy under ISO 45001 does several things simultaneously:
- Anchors your objectives. Clause 6.2 requires that OH&S objectives be consistent with the OH&S policy. If your policy is vague, your objectives will be too.
- Signals cultural commitment. Workers and contractors watch what leadership actually does. A specific, credible policy signals that leadership is serious.
- Provides audit evidence. During a certification audit, your policy is one of the first documents a third-party auditor reviews. It sets their expectations for everything they evaluate afterward.
- Drives continual improvement. The policy must include a commitment to continual improvement (more on that below). That commitment should cascade into measurable objectives and management reviews.
What Must Be Included: The ISO 45001 Clause 5.2 Requirements
ISO 45001 Clause 5.2 specifies exactly what your OHS policy must include. There's no ambiguity here — these are hard requirements. Your policy must:
1. Be Appropriate to the Purpose and Context of the Organization
Your policy can't be generic boilerplate downloaded from the internet. It must reflect who you are — your industry, your hazards, your size, and your operational context. A construction company's safety policy should look and feel different from a pharmaceutical manufacturer's. If an auditor could swap your policy with any other company's and it would still make sense, you need to rewrite it.
2. Provide a Framework for Setting OH&S Objectives
The policy doesn't need to list specific objectives — those live in Clause 6.2. But it must establish a framework that makes objective-setting possible. This typically means referencing the types of performance areas you'll measure and improve.
3. Include a Commitment to Satisfy Legal and Other Requirements
Your policy must explicitly commit to complying with applicable legal requirements and any other requirements your organization subscribes to. This might include industry standards, contractual obligations, or voluntary codes of conduct.
4. Include a Commitment to Eliminate Hazards and Reduce OH&S Risks
This is one of ISO 45001's most distinctive requirements. The standard uses a hierarchy of controls approach, and your policy must reflect that. You're not just managing risks — you're committed to eliminating hazards where practicable and reducing risks where elimination isn't possible.
5. Include a Commitment to Continual Improvement of the OHSMS
Your policy must commit to ongoing improvement — not just maintaining the status quo. This connects directly to management review (Clause 9.3) and the Plan-Do-Check-Act cycle that underpins the entire standard.
6. Include a Commitment to Consultation and Participation of Workers
This is another hallmark of ISO 45001 that distinguishes it from older safety standards. Workers must be consulted and allowed to participate in the OHSMS. Your policy needs to explicitly commit to this — and your practices need to actually reflect it.
Step-by-Step: How to Write Your ISO 45001 Safety Policy
Here's a practical process for writing an effective OHS policy that satisfies ISO 45001 requirements and actually drives organizational behavior.
Step 1: Understand Your Context First
Before you write a single word of your policy, you need to have completed (or at least started) the work in Clause 4 — understanding your organization and its context. This means:
- Identifying internal and external issues relevant to your OHSMS (Clause 4.1)
- Understanding the needs and expectations of workers and other interested parties (Clause 4.2)
- Determining the scope of your OHSMS (Clause 4.3)
Your policy must be grounded in this context. If you haven't done this work yet, your policy will be generic by default.
Step 2: Involve Top Management — Not Just for Signatures
Clause 5.1 requires top management to demonstrate leadership and commitment to the OHSMS. That means the safety policy shouldn't be written by your safety officer and then handed to the CEO for a signature. Top management should be involved in shaping it.
This doesn't mean the CEO needs to write every word. But it does mean that leadership should review draft language, understand what they're committing to, and ideally be able to speak to the policy's content if an auditor asks.
When leaders are genuinely involved, the policy reflects real organizational priorities — not just compliance language.
Step 3: Address All Six Clause 5.2 Requirements Explicitly
Work through each requirement systematically. Use a simple checklist to make sure nothing is missed:
- [ ] Is the policy appropriate to our specific context and hazards?
- [ ] Does it provide a framework for setting OH&S objectives?
- [ ] Does it commit to satisfying legal and other requirements?
- [ ] Does it commit to eliminating hazards and reducing OH&S risks?
- [ ] Does it commit to continual improvement of the OHSMS?
- [ ] Does it commit to consultation and participation of workers?
Each commitment should appear in the document, ideally in plain language that workers can actually understand.
Step 4: Write in Plain Language
Your safety policy must be available to workers (Clause 5.2 says so). That means it needs to be readable. Avoid bureaucratic language, excessive acronyms, and ISO jargon. Write at a level appropriate for your workforce.
Plain language also makes it harder for the policy to be vague. Vague language ("we are committed to safety excellence") can't be acted on. Specific language ("we commit to consulting workers before making changes to tasks and work environments that affect their safety") creates accountability.
Step 5: Keep It Concise and Focused
There's a temptation to put everything into the policy — detailed procedures, specific targets, lists of every regulation you comply with. Resist this. The policy should be one to two pages maximum. Specific procedures belong in documented procedures. Targets belong in your OH&S objectives. The policy is a declaration of commitments, not an operational guide.
Step 6: Get It Signed and Dated
The policy must be signed by top management — typically the highest-ranking leader with authority over the OHSMS scope. Include a date. This establishes accountability and creates a record for version control.
Step 7: Communicate, Display, and Make It Available
Clause 5.2 requires that the policy be:
- Available as documented information
- Communicated within the organization
- Available to interested parties as appropriate
- Reviewed periodically for continuing suitability
Communicate the policy at onboarding, post it in visible locations, include it in training, and reference it in toolbox talks. If workers don't know what the policy says, it's not doing its job.
Common Mistakes to Avoid
After working with organizations on ISO 45001 implementation and certification, Jared Clark and the team at Certify Consulting see the same policy mistakes come up repeatedly in pre-assessment reviews:
Mistake 1: Copying a Generic Template Without Customization
Templates can be useful starting points, but they become a liability if organizations treat them as finished products. Auditors will immediately probe whether your policy reflects your actual hazards and context. If it doesn't, you'll face nonconformances.
Mistake 2: Missing the Worker Participation Commitment
Many organizations still think of safety as a top-down function. ISO 45001 fundamentally changed that. The commitment to worker consultation and participation isn't optional — it's a hard requirement. Make it explicit in your policy, and make sure your practices back it up.
Mistake 3: Not Updating the Policy After Significant Changes
If your organization changes significantly — new locations, new operations, acquisitions, changes in senior leadership — your policy may need to be reviewed and updated. An outdated policy can be evidence of a failing management system during an audit.
Mistake 4: Confusing the Policy with Objectives
The policy is not the place to set measurable targets. "We will reduce recordable injuries by 20% this year" belongs in your OH&S objectives register, not your policy. The policy establishes commitments and a framework — the objectives operationalize those commitments with specific, measurable targets.
Mistake 5: Burying It Where Workers Can't Find It
If your safety policy lives only in a folder on a shared drive that only the safety manager accesses, it isn't doing its job. ISO 45001 requires that it be communicated to workers and available to interested parties. Make it visible, accessible, and referenced regularly.
What a Strong ISO 45001 Safety Policy Looks Like
Here's a condensed example of what effective policy language looks like. This isn't a template to copy verbatim — it's an illustration of the style, specificity, and tone that works.
[Organization Name] is committed to providing a safe and healthy workplace for all workers, contractors, and visitors. As a [industry type] organization operating [describe operations], we recognize that [describe specific hazard context relevant to your work].
We commit to:
- Complying with all applicable legal requirements and other requirements related to occupational health and safety - Identifying hazards, assessing risks, and applying the hierarchy of controls to eliminate hazards and reduce OH&S risks to the lowest practicable level - Consulting with and involving workers in all aspects of our OH&S management system, including decisions that affect their health and safety - Establishing, implementing, and reviewing OH&S objectives that reflect our commitment to continual improvement - Providing the resources, training, and information necessary for workers to actively participate in our OHSMS - Continually improving the effectiveness of our occupational health and safety management system
This policy is reviewed [annually / upon significant organizational change] and communicated to all persons working under our organization's control.
[Signature] [Title] [Date]
Notice what this example does: it references the organization's specific context, it uses action-oriented language for each commitment, and it hits every Clause 5.2 requirement without becoming a procedural document.
Connecting Your Policy to the Rest of Your OHSMS
Your ISO 45001 safety policy doesn't exist in isolation. Here's how it connects to the rest of your management system:
- Clause 4 (Context) informs the policy's content — your context shapes what commitments are relevant
- Clause 6.2 (OH&S Objectives) must be consistent with your policy — objectives operationalize your policy commitments
- Clause 7.3 (Awareness) requires workers to be aware of the policy and understand how their work contributes to it
- Clause 9.3 (Management Review) must consider whether the policy remains suitable — review meeting agendas should include a policy suitability check
- Clause 10.3 (Continual Improvement) is directly tied to the improvement commitment in the policy
Think of the policy as the root node of your OHSMS tree. Everything branches from it. If the root is weak, the whole tree suffers.
How Certify Consulting Can Help
If you're building your ISO 45001 OHSMS from the ground up — or if you're preparing for a certification audit and want to make sure your policy holds up under scrutiny — Certify Consulting works with organizations at every stage of ISO 45001 implementation. Jared Clark and the Certify Consulting team specialize in helping organizations translate ISO 45001 requirements into practical, operational systems that actually improve safety outcomes — not just pass audits.
Whether you need a gap assessment, policy development support, or full implementation guidance, working with an experienced consultant can dramatically reduce the time it takes to get to certification and significantly lower the risk of audit nonconformances.
Frequently Asked Questions
What must be included in an ISO 45001 safety policy?
Under ISO 45001 Clause 5.2, the OHS policy must include: a commitment to satisfy applicable legal requirements and other requirements; a commitment to eliminate hazards and reduce OH&S risks; a commitment to continual improvement of the OHSMS; and a commitment to consultation and participation of workers. It must also be appropriate to the organization's context and provide a framework for setting OH&S objectives.
How long should an ISO 45001 safety policy be?
There's no prescribed length, but most effective ISO 45001 safety policies are one to two pages. The policy should be concise enough for workers to read and understand, while specific enough to reflect the organization's actual context and hazard environment. Avoid turning the policy into a procedural document — that's not its purpose.
Does the ISO 45001 safety policy need to be signed by top management?
Yes. While ISO 45001 doesn't explicitly state that the policy must be signed, it does require the policy to be established by top management (Clause 5.2) and that top management demonstrates leadership and commitment (Clause 5.1). In practice, certification auditors expect a signature and date from senior leadership as evidence of that accountability.
How often should the ISO 45001 safety policy be reviewed?
ISO 45001 Clause 5.2 requires that the policy be reviewed for continuing suitability. Most organizations review the policy annually or whenever significant organizational changes occur — new operations, acquisitions, leadership changes, or major incidents. The management review process (Clause 9.3) is a natural trigger for this review.
Can we use a generic ISO 45001 policy template?
Templates can provide a useful starting structure, but they should never be used without significant customization. ISO 45001 requires that the policy be appropriate to the organization's specific purpose and context. A generic template that isn't tailored to your industry, hazards, and operational environment will be flagged by auditors and won't drive meaningful safety behavior within your organization.
What's the difference between an OH&S policy and OH&S objectives?
The OH&S policy establishes your organization's high-level commitments to occupational health and safety — it answers the question of what you commit to. OH&S objectives (Clause 6.2) are specific, measurable targets that operationalize those commitments — they answer the question of how much and by when. The objectives must be consistent with the policy, but they're separate documented information.
Who should have access to the ISO 45001 safety policy?
ISO 45001 Clause 5.2 requires that the policy be available to workers and, where applicable, to relevant interested parties such as contractors, suppliers, and customers. It should be communicated to all persons working under the organization's control and displayed or distributed in a way that ensures genuine awareness — not just theoretical availability.
Summary
Writing an effective ISO 45001 safety policy is straightforward when you understand what the standard actually requires. Ground your policy in your organizational context, commit to all six requirements of Clause 5.2, write in plain language that workers can understand, and connect it visibly to the rest of your OHSMS. Avoid the trap of treating it as a compliance checkbox — a well-written OHS policy under ISO 45001 is one of your most powerful tools for building a safety culture that holds up long after the certification auditors leave.
This article was developed by the ISO 45001 Expert team. For hands-on guidance with ISO 45001 implementation, including safety policy development and certification preparation, contact Jared Clark at Certify Consulting.
Jared Clark
Principal Consultant, JD, MBA, PMP, CMQ-OE
Jared Clark is the founder of Certify Consulting and a recognized expert in occupational health and safety management systems. With credentials including JD, MBA, PMP, CMQ-OE, CPGP, CFSQA, and RAC, Jared helps organizations implement ISO 45001 and build safety cultures that protect workers and drive business results.