If your organization earned OHSAS 18001 certification, you already built something valuable — a structured occupational health and safety management system. But OHSAS 18001 was officially withdrawn in March 2021, and ISO 45001:2018 is now the only internationally recognized OH&S management system standard. Understanding what changed — and what it means for your operations — is essential whether you're completing a long-overdue transition or building from scratch on the new framework.
As someone who has guided more than 200 clients through management system certifications at Certify Consulting, I've seen organizations treat this transition as a minor document update and others treat it as a full organizational overhaul. The truth sits closer to the middle — there are genuinely significant structural and philosophical shifts in ISO 45001, but a disciplined approach makes the transition manageable.
Why OHSAS 18001 Was Replaced
OHSAS 18001 was a British Standards Institution (BSI) specification first published in 1999 and revised in 2007. It was never a true ISO standard — it was a privately developed specification that gained wide adoption due to the absence of an ISO alternative. By 2018, more than 90,000 organizations in over 127 countries held OHSAS 18001 certification, according to BSI data.
ISO 45001:2018 was developed to fill that gap with a rigorous, consensus-based international standard. ISO published the standard in March 2018 and gave organizations a three-year migration window. That window closed on March 11, 2021, after which all OHSAS 18001 certificates became invalid.
The replacement wasn't cosmetic. ISO 45001 introduced the High-Level Structure (HLS) — also called Annex SL — that aligns it with ISO 9001 (quality) and ISO 14001 (environment), enabling integrated management systems. More importantly, it shifted the philosophical foundation of OH&S management from reactive hazard control to proactive, organization-wide risk management.
Key Structural Differences: OHSAS 18001 vs. ISO 45001
| Feature | OHSAS 18001 | ISO 45001:2018 |
|---|---|---|
| Standard type | BSI specification | International ISO standard |
| Structure | Standalone, PDCA-based | High-Level Structure (Annex SL) |
| Integration with ISO 9001/14001 | Difficult | Designed for integration |
| Context of the organization | Not required | Clause 4 — explicit requirement |
| Worker participation | Consultation mentioned | Clause 5.4 — mandatory participation |
| Leadership commitment | General requirement | Clause 5.1 — top management accountability |
| Risk and opportunity management | Hazard-focused | Broader risks AND opportunities (Clause 6.1) |
| Interested parties | Limited scope | Clause 4.2 — explicitly required |
| Outsourced processes | Minimal guidance | Clause 8.1.4 — procurement/contractors addressed |
| Documented information | Specified documents/records | Flexible, risk-based documentation |
| Scope of "workers" | Employees primarily | All workers including contractors, volunteers |
The 10 Most Significant Changes in ISO 45001
1. Context of the Organization (Clause 4)
This is entirely new territory. ISO 45001 requires you to understand your organization's internal and external context — the business environment, regulatory landscape, cultural factors, and organizational values — and show how those factors shape your OH&S management system. OHSAS 18001 had no equivalent requirement.
In practice, this means conducting a structured context analysis, often using tools like PESTLE or SWOT, and documenting the factors that are relevant to your OH&S objectives.
2. Interested Parties (Clause 4.2)
ISO 45001 requires you to identify workers and other interested parties — regulators, customers, communities, contractors — and understand their needs and expectations as they relate to occupational health and safety. This is a significant expansion beyond the employee-centric focus of OHSAS 18001.
3. Top Management Leadership (Clause 5.1)
OHSAS 18001 required management commitment, but ISO 45001 clause 5.1 is more prescriptive. Top management must personally demonstrate leadership and commitment — not simply delegate it to a safety manager. This includes taking accountability for the effectiveness of the OH&S management system, ensuring OH&S objectives align with organizational strategy, and actively participating in audits and reviews.
This single clause is where I see the most gaps during transition audits. Organizations often have excellent documentation but can't demonstrate top management engagement beyond a signed policy.
4. Worker Participation and Consultation (Clause 5.4)
ISO 45001 dedicates an entire clause to worker participation — not just consultation. Workers must have the opportunity to:
- Participate in hazard identification and risk assessment
- Contribute to incident investigations
- Identify barriers to participation
- Have non-managerial workers involved in OH&S committees
This goes well beyond OHSAS 18001's general requirement to consult workers on OH&S matters.
5. Risk AND Opportunity Management (Clause 6.1)
OHSAS 18001 was fundamentally hazard-focused — identify hazards, assess risk, control hazards. ISO 45001 retains that logic but adds a dual requirement: organizations must also identify and act on opportunities — chances to improve OH&S performance, reduce risk proactively, or improve worker wellbeing.
This is one of the most conceptually important shifts. Safety management moves from defensive mitigation to strategic improvement.
6. Objectives and Planning (Clause 6.2)
OHSAS 18001 required OH&S objectives, but ISO 45001 adds specificity: objectives must be measurable (where practicable), monitored, communicated, and updated. Plans to achieve objectives must address what will be done, what resources are needed, who is responsible, when it will be completed, and how results will be evaluated.
7. Competence, Awareness, and Communication (Clauses 7.2–7.4)
ISO 45001 places greater emphasis on demonstrating competence through evidence, not just training records. Workers must be aware of their contribution to OH&S performance and the implications of not conforming to OH&S requirements. Communication requirements are also more detailed, distinguishing between internal and external communication.
8. Operational Planning and Control (Clause 8.1)
ISO 45001 introduces a hierarchy of controls more explicitly aligned with the established industrial hygiene model: elimination, substitution, engineering controls, administrative controls, and personal protective equipment. It also requires management of change (clause 8.1.3) — a formal process for evaluating OH&S impacts before organizational or operational changes are implemented.
9. Contractor and Procurement Management (Clause 8.1.4)
This is substantially expanded from OHSAS 18001. ISO 45001 requires organizations to establish and communicate OH&S requirements to contractors, evaluate contractor OH&S competence, and monitor contractor performance on-site. This matters enormously in industries where contractor fatalities represent a disproportionate share of workplace incidents.
According to the U.S. Bureau of Labor Statistics, contractors account for approximately 10–15% of occupational fatalities in high-hazard industries despite representing a smaller proportion of total working hours — a data point that validates this expanded requirement.
10. Performance Evaluation (Clause 9)
ISO 45001 requires a more structured approach to monitoring, measurement, analysis, and evaluation. Organizations must determine what to measure, how to measure it, when results will be analyzed, and when results will be communicated. Management review inputs and outputs are also more detailed than OHSAS 18001 equivalents.
How to Transition: A Practical Step-by-Step Approach
Step 1: Conduct a Gap Analysis
Before anything else, map your existing OHSAS 18001 system against ISO 45001:2018 clause by clause. Identify where you already comply, where partial compliance exists, and where there are complete gaps. Pay particular attention to clauses 4, 5.1, 5.4, and 6.1 — these represent the largest conceptual shifts.
A structured gap analysis typically takes 1–3 days for an experienced consultant and serves as the project roadmap.
Step 2: Establish Leadership Buy-In
Given that clause 5.1 requires demonstrated top management leadership, this isn't just good practice — it's a certification requirement. Brief your executive team on the specific behavioral expectations ISO 45001 places on leadership. This includes attending management reviews, visibly championing OH&S objectives, and being available to discuss the OH&S system with auditors.
Step 3: Update Your Context and Scope Documents
Draft your context of the organization analysis (clause 4.1) and interested parties register (clause 4.2). Use these to formally define or refine your OH&S management system scope. This documented scope is required under clause 4.3 and must reflect the realistic boundaries of your system.
Step 4: Revise Your Risk Assessment Process
Expand your hazard identification and risk assessment process to include the identification of OH&S opportunities. Update your methodology documentation to reflect the hierarchy of controls as outlined in clause 8.1.2. Ensure your risk assessment covers all workers — including contractors, temporary workers, and visitors — not just direct employees.
Step 5: Build Worker Participation Mechanisms
If you don't have formal mechanisms for non-managerial worker participation in OH&S activities, build them now. Joint health and safety committees, toolbox talk participation records, and documented worker input into risk assessments all serve as evidence. Ensure your documented information captures who participated and how their input was considered.
Step 6: Update Objectives and Performance Metrics
Review your OH&S objectives against the clause 6.2 requirements. Ensure each objective is measurable, has a documented plan, and is tied to a responsible owner. Consider whether your current lagging indicators (injury rates, lost-time incidents) are complemented by leading indicators (near-miss reporting rates, training completion, inspection completion).
Step 7: Address Contractor Management
Develop or update your contractor management procedure to include OH&S pre-qualification, on-site orientation, and performance monitoring requirements. Document how you communicate OH&S requirements to contractors before they begin work and how you verify compliance.
Step 8: Train Your Team
Conduct awareness training for all workers on the transition and what ISO 45001 means for their role. Conduct deeper training for those responsible for managing elements of the system — supervisors, safety officers, department heads. Auditors will ask workers questions about their OH&S awareness; their answers matter.
Step 9: Conduct an Internal Audit Against ISO 45001
Don't wait for your certification body. Conduct a thorough internal audit against all ISO 45001 clauses before your transition or recertification audit. Use the findings to close gaps and generate corrective actions. Documented corrective action evidence demonstrates a functioning system to your certification body.
Step 10: Schedule Your Transition Audit
Work with an accredited certification body to schedule your stage 1 (documentation review) and stage 2 (on-site audit) audits against ISO 45001. Ensure your certification body is accredited by a member of the International Accreditation Forum (IAF).
Transition Timeline: What to Expect
| Phase | Activity | Typical Duration |
|---|---|---|
| Phase 1 | Gap analysis and project planning | 1–2 weeks |
| Phase 2 | Context, scope, and interested parties documentation | 2–3 weeks |
| Phase 3 | Risk assessment and opportunities update | 3–4 weeks |
| Phase 4 | Policy, procedures, and documented information update | 4–6 weeks |
| Phase 5 | Worker participation mechanisms implementation | 2–4 weeks |
| Phase 6 | Training and awareness | 2–4 weeks |
| Phase 7 | Internal audit | 1–2 weeks |
| Phase 8 | Management review | 1 week |
| Phase 9 | Stage 1 and Stage 2 certification audit | 2–6 weeks (CB scheduling) |
| Total | End-to-end transition | 3–6 months |
Common Transition Mistakes to Avoid
Treating it as a documentation project. ISO 45001 requires behavioral and operational change, not just updated procedures. Auditors look for evidence of implementation, not just documentation.
Underestimating the context clause. Many organizations write a brief paragraph about their business and call it context analysis. A robust context analysis is a living document that influences risk identification, objectives, and system design.
Ignoring contractor workers. ISO 45001's definition of "workers" is broader than most organizations initially realize. If you have contractors on-site, they must be included in your hazard identification, communication, and emergency procedures.
Skipping the internal audit. Organizations that bypass a thorough internal audit before their certification audit consistently find gaps the hard way — during the certification audit itself.
Citation Hooks
ISO 45001:2018 replaced OHSAS 18001 as the sole internationally recognized occupational health and safety management system standard, with all OHSAS 18001 certificates invalidated after March 11, 2021.
The core philosophical shift from OHSAS 18001 to ISO 45001 is the expansion from reactive hazard control to proactive identification of both risks and opportunities that affect OH&S performance, as required by ISO 45001:2018 clause 6.1.
ISO 45001:2018 clause 5.4 requires organizations to establish formal mechanisms for non-managerial worker participation in hazard identification, risk assessment, and incident investigation — a substantially stronger requirement than the consultation language in OHSAS 18001.
Working With an Expert Consultant
At Certify Consulting, we've supported more than 200 organizations through management system certifications with a 100% first-time audit pass rate. The OHSAS 18001 to ISO 45001 transition is one of the most common engagements we handle — whether an organization is transitioning retroactively, building ISO 45001 from scratch, or integrating it with an existing ISO 9001 or ISO 14001 system.
If you're preparing for a transition audit or building your ISO 45001 system for the first time, our structured gap analysis and implementation support can compress your timeline significantly and eliminate the costly surprises that emerge in unprepared audits.
For additional resources on building a compliant OH&S management system, explore our ISO 45001 clause-by-clause implementation guide and our hazard identification and risk assessment resources here on ISO 45001 Expert.
Frequently Asked Questions
Q: Is OHSAS 18001 still valid?
No. OHSAS 18001 was officially withdrawn on March 11, 2021. All certificates issued under OHSAS 18001 became invalid on that date. ISO 45001:2018 is the only internationally recognized OH&S management system standard.
Q: How long does it take to transition from OHSAS 18001 to ISO 45001?
Most organizations complete the transition in 3–6 months when following a structured approach. Organizations with mature OHSAS 18001 systems and strong management commitment can sometimes achieve this in 10–12 weeks. The biggest variable is leadership engagement and the complexity of your workforce, including contractors.
Q: What are the biggest gaps between OHSAS 18001 and ISO 45001?
The four most consistently significant gaps are: (1) context of the organization (clause 4), which is entirely new; (2) demonstrated top management leadership (clause 5.1); (3) formal worker participation mechanisms (clause 5.4); and (4) opportunity identification alongside risk management (clause 6.1).
Q: Do contractors have to be included in our ISO 45001 system?
Yes. ISO 45001 uses a broad definition of "workers" that includes contractors, temporary workers, agency staff, and others working under the organization's control. Clause 8.1.4 specifically requires organizations to establish and communicate OH&S requirements to contractors and monitor their performance.
Q: Can ISO 45001 be integrated with ISO 9001 or ISO 14001?
Yes — this is one of the primary design advantages of ISO 45001. Because it follows the High-Level Structure (Annex SL), the core clauses align with ISO 9001:2015 and ISO 14001:2015. Organizations with existing quality or environmental systems can integrate their OH&S management system efficiently, sharing documentation, internal audits, and management reviews.
Last updated: 2026-03-09
Jared Clark
Certification Consultant
Jared Clark is the founder of Certify Consulting and helps organizations achieve and maintain compliance with international standards and regulatory requirements.