If your organization held OHSAS 18001 certification, you already know the deadline has long passed — OHSAS 18001 was officially withdrawn in March 2021, three years after ISO 45001:2018 was published. Yet I still encounter organizations operating on legacy OHSAS-based systems, either unaware their certification lapsed or uncertain how deep the gap truly is.
The gap is significant. This isn't a cosmetic update. ISO 45001 represents a fundamental rethinking of how occupational health and safety management systems should be structured, governed, and sustained. This guide breaks down every major change, explains the why behind each shift, and gives you a practical transition roadmap.
Why OHSAS 18001 Was Replaced — Not Just Revised
OHSAS 18001 served organizations well for nearly 20 years. Published in 1999 and revised in 2007, it gave organizations a recognized framework for OHS management at a time when no international ISO standard existed. But it had structural limitations:
- It was a BSI-developed specification, not a true ISO standard
- It used a legacy "Plan-Do-Check-Act" loop with minimal strategic integration
- It placed little emphasis on organizational context or worker participation
- It treated OHS as largely a compliance and hazard-control exercise
- It lacked the High Level Structure (HLS) that allows seamless integration with ISO 9001 and ISO 14001
ISO 45001:2018 was designed from the ground up to fix all of this. The International Labour Organization (ILO) was formally involved in its development — a first for ISO — which explains the much stronger emphasis on worker consultation, participation, and labor rights throughout the standard.
Citation hook: ISO 45001:2018 is the first occupational health and safety management system standard developed by ISO, replacing the BSI-published OHSAS 18001 specification that had been the de facto global benchmark since 1999.
The Numbers Behind the Transition
Before diving into the clause-by-clause changes, it's worth understanding the scale of what this transition represented globally:
- As of the withdrawal deadline, an estimated 90,000+ organizations in over 130 countries held OHSAS 18001 certification
- ISO 45001 saw over 50,000 organizations certified within its first two years of publication — one of the fastest adoption rates for any management system standard
- According to the ILO, 2.3 million workers die annually from occupational accidents and diseases, a statistic that directly motivated the standard's stronger focus on eliminating root causes rather than just controlling hazards
- The transition period granted by certification bodies was 3 years (March 2018 to March 2021), which ISO considered the minimum time needed for mature system migration
- Studies by major certification bodies found that organizations integrating ISO 45001 with ISO 9001 and/or ISO 14001 reduced their combined audit time by 20–30% due to the shared HLS framework
Structural Change: The High Level Structure
One of the most consequential changes is architectural. ISO 45001 follows Annex SL's High Level Structure (HLS) — the same 10-clause framework used by ISO 9001:2015 and ISO 14001:2015. OHSAS 18001 did not.
OHSAS 18001 vs. ISO 45001 Clause Comparison
| OHSAS 18001 Element | ISO 45001 Clause | Key Difference |
|---|---|---|
| 4.1 General requirements | 4.1–4.4 Context of the organization | ISO 45001 requires formal analysis of internal/external context and interested parties |
| 4.2 OH&S policy | 5.2 OH&S policy | Policy now must be driven by top management with demonstrated leadership behaviors |
| 4.3.1 Hazard identification, risk assessment | 6.1 Actions to address risks and opportunities | ISO 45001 adds "opportunities" — proactive improvement is now required |
| 4.3.2 Legal and other requirements | 6.1.3 Determination of legal requirements | Substantially similar, but integrated into broader risk/opportunity planning |
| 4.3.3 Objectives and programs | 6.2 OH&S objectives and planning | Objectives must be more explicitly linked to context and risk findings |
| 4.4.1 Resources, roles, accountability | 5.3 / 7.1 Leadership and resources | Top management accountability is now non-delegable |
| 4.4.2 Competence, training | 7.2 Competence | Competence must be evaluated, not just training delivered |
| 4.4.3 Communication, participation | 5.4 / 7.4 Consultation and participation | Worker consultation and participation requirements are dramatically expanded |
| 4.4.5 Control of documents | 7.5 Documented information | More flexible, output-focused rather than prescriptive |
| 4.5.1 Performance measurement | 9.1 Monitoring, measurement, analysis | Must include both leading and lagging indicators |
| 4.6 Management review | 9.3 Management review | Inputs and outputs are more specifically defined |
| — | 10.1 Continual improvement | Explicit improvement obligations now a standalone clause |
The 7 Most Significant Changes in Detail
1. Organizational Context (Clause 4) — New Requirement
ISO 45001 requires you to formally identify and document the internal and external issues that are relevant to your OHS management system. This includes things like:
- Industry sector and associated hazard profiles
- Regulatory environment and jurisdictional requirements
- Organizational culture, workforce demographics, and labor relations
- Supply chain risks and contractor/visitor exposure
You must also identify interested parties (workers, regulators, contractors, unions, community members) and understand their needs and expectations.
OHSAS 18001 had none of this. Most OHSAS-certified organizations I've worked with were surprised to learn how much strategic analysis ISO 45001 actually demands. This isn't box-ticking — it's the foundation that makes everything else in the system defensible.
2. Leadership and Worker Participation (Clause 5) — Dramatically Expanded
This is the single biggest cultural shift. OHSAS 18001 required management commitment. ISO 45001 requires demonstrated leadership — and the distinction is intentional and auditable.
Under ISO 45001 clause 5.1, top management must: - Take overall accountability for preventing injury and ill health (not delegate it away) - Ensure the OH&S management system is integrated into business processes - Direct and support persons to contribute to the effectiveness of the system - Promote a culture that supports intended outcomes
Clause 5.4 on consultation and participation of workers is entirely new and remarkably specific. Workers (and their representatives where they exist) must be consulted on hazard identification, risk assessment, incident investigation, and the development of corrective actions. This isn't just notification — it's genuine participation with documented evidence.
Citation hook: ISO 45001 clause 5.4 mandates documented worker consultation on hazard identification, risk assessment controls, and incident investigations — requirements that had no direct equivalent in OHSAS 18001.
3. Risks AND Opportunities (Clause 6.1) — New Concept
OHSAS 18001 focused almost entirely on hazards and risks. ISO 45001 introduces the concept of opportunities — the idea that the OHS management system should actively seek improvements, not merely prevent failures.
This includes: - Opportunities to improve OH&S performance - Opportunities to integrate OHS into business planning and design - Opportunities arising from organizational changes
In practice, this means your risk register should have a companion opportunities log. When I help clients build this, the most common opportunities identified include: redesigning procurement processes to specify safer materials, incorporating OHS criteria into capital project design reviews, and leveraging incident data to improve training programs.
4. Top Management Accountability (Non-Delegable)
Under OHSAS 18001, a "management representative" could hold the OHS brief on behalf of executive leadership. ISO 45001 eliminated this concept. While you can still have an OHS manager or coordinator, the accountability for the OH&S management system sits with top management and cannot be delegated downward.
Auditors will interview executives. They will ask about how the OHS system is integrated into business planning. If the CEO says "that's the safety manager's job," that's a nonconformance.
5. Planning for Change (Clause 8.1.3) — New Requirement
ISO 45001 explicitly requires organizations to manage the OHS implications of planned changes — new processes, equipment, organizational restructuring, regulatory changes. This must be systematic, not ad hoc.
OHSAS 18001 touched on this implicitly but never required it as a formal process. In my experience, this is where organizations get into the most trouble: a merger happens, a new production line is installed, or a key contractor changes — and nobody formally assessed the OHS implications in advance.
6. Procurement and Contractors (Clause 8.1.4) — Strengthened
ISO 45001 significantly strengthens requirements around contractors, outsourced processes, and procurement. You must: - Establish criteria for evaluating and selecting contractors based on OHS capability - Communicate your OHS requirements to contractors before they start work - Monitor contractor OHS performance during work - Ensure coordination between your operations and contractor activities
This is a meaningful upgrade from OHSAS 18001, where contractor management was less systematically addressed.
7. Performance Evaluation (Clause 9) — More Rigorous
ISO 45001 clause 9.1 requires monitoring of both leading and lagging indicators. Lagging indicators (injury rates, lost time incidents) are reactive — they measure failures. Leading indicators (safety observations, near-miss reporting rates, training completion, hazard correction rates) are proactive.
The standard doesn't dictate which indicators to use, but auditors will look for evidence that your measurement approach is genuinely informing decisions, not just generating compliance reports that nobody acts on.
Citation hook: ISO 45001 clause 9.1.1 requires organizations to monitor both leading and lagging OHS performance indicators, a dual-measurement approach designed to detect system weaknesses before incidents occur.
Your ISO 45001 Transition Roadmap
If you're transitioning from a legacy OHSAS 18001 system (or building one from scratch on the ISO 45001 framework), here's how I approach it with clients at Certify Consulting:
Phase 1: Gap Analysis (Weeks 1–3)
Conduct a structured gap analysis comparing your current documented system and actual practices against every clause of ISO 45001. Don't just map documents — assess whether the behaviors required by the standard are actually happening.
Key areas to probe: - Is there documented evidence of context and interested party analysis? - Can top management articulate their personal OHS accountabilities? - Is worker consultation on risk assessments documented? - Are both leading and lagging indicators tracked and reviewed?
Phase 2: System Design and Documentation Updates (Weeks 4–10)
Based on your gap analysis, update your OH&S manual (if you maintain one), procedures, and forms to reflect ISO 45001 requirements. Critical new or revised documents typically include:
- Context and interested party register
- Risks and opportunities register (with OHS-specific content)
- Worker consultation and participation procedure
- Updated hazard identification and risk assessment procedure (reflecting opportunities)
- Competence evaluation process (not just training records)
- Change management procedure for OHS
- Contractor OHS management procedure
Phase 3: Implementation and Training (Weeks 8–16)
Roll out the updated system. This phase is where many organizations falter — they update documentation but don't change behavior. Prioritize:
- Executive briefing: Top management must understand and accept their non-delegable accountability
- Worker training: Particularly on the consultation and participation rights under clause 5.4
- Supervisor training: Hazard identification, risk assessment, and change management are now line management responsibilities, not just safety department functions
Phase 4: Internal Audit (Weeks 14–18)
Conduct a full internal audit against ISO 45001 — not OHSAS 18001. Use auditors who understand the new standard. Your existing OHSAS 18001 audit checklists are not adequate for this.
Focus particular attention on: - Evidence of top management leadership (clause 5.1) - Worker consultation records (clause 5.4) - Opportunities documentation (clause 6.1) - Performance monitoring with leading indicators (clause 9.1)
Phase 5: Management Review and Certification Audit (Weeks 18–24)
Conduct a full management review using the inputs specified in ISO 45001 clause 9.3. Then schedule your Stage 1 (documentation review) and Stage 2 (on-site audit) with your chosen certification body.
With proper preparation, first-time audit pass rates should be high. At Certify Consulting, we've maintained a 100% first-time audit pass rate across 200+ client engagements precisely because we don't let clients proceed to certification until the system is genuinely mature.
Common Transition Mistakes to Avoid
Treating it as a document update exercise. The biggest gap between OHSAS 18001 and ISO 45001 isn't in the paperwork — it's in leadership behavior and worker engagement. You can have perfect documents and fail an audit badly.
Ignoring the opportunities requirement. Most organizations I audit have risk registers. Almost none have opportunities registers. Auditors notice this immediately.
Delegating top management accountability downward. If your CEO signs the policy but can't describe their personal OHS commitments, you have a clause 5.1 nonconformance waiting to happen.
Reusing OHSAS 18001 audit checklists. The clause structure is different enough that old checklists will miss significant new requirements. Build new ones mapped to ISO 45001.
Underestimating worker participation documentation. Clause 5.4 requires evidence of consultation, not just notification. Meeting minutes, sign-in sheets, and documented feedback loops are essential.
Integration Opportunity: ISO 9001 and ISO 14001
One significant advantage of moving to ISO 45001 is the integration opportunity it creates. Because ISO 45001, ISO 9001:2015, and ISO 14001:2015 all share the same High Level Structure, organizations maintaining multiple certifications can build a single Integrated Management System (IMS) with:
- One context analysis serving all three standards
- One set of documented information controls
- One internal audit program
- One management review process
This isn't just an administrative convenience — it produces a more strategically coherent management system where quality, environmental, and OHS objectives are aligned rather than siloed.
For more on integrating your management systems, see our guide on building an integrated management system for ISO 45001, 9001, and 14001.
If you're starting the transition and want an expert gap analysis before committing to a full implementation project, our ISO 45001 gap assessment service is designed to give you a clear, actionable starting point.
Frequently Asked Questions
Is OHSAS 18001 certification still valid?
No. OHSAS 18001 was officially withdrawn in March 2021. Certification bodies stopped issuing and renewing OHSAS 18001 certificates at that point. Any organization claiming current OHSAS 18001 certification after that date holds an expired certificate. To demonstrate a certified OH&S management system, organizations must obtain ISO 45001 certification.
How long does it take to transition from OHSAS 18001 to ISO 45001?
For a mature, well-documented OHSAS 18001 system, a realistic transition timeline is 4–6 months, assuming dedicated internal resources and experienced external support. Organizations with less mature systems, larger headcount, or multiple sites should plan for 6–12 months. The most time-consuming elements are typically updating worker consultation processes, establishing the context and opportunities framework, and building leadership accountability behaviors.
What are the biggest gaps between OHSAS 18001 and ISO 45001?
The most significant gaps are: (1) the organizational context and interested party analysis requirement (entirely new in ISO 45001), (2) the non-delegable top management accountability and demonstrated leadership requirements, (3) the worker consultation and participation obligations in clause 5.4, (4) the requirement to identify and act on OHS opportunities — not just risks, and (5) the use of leading indicators in performance monitoring.
Can we build an integrated management system combining ISO 45001 with ISO 9001 or ISO 14001?
Yes, and it's highly recommended. All three standards share the same High Level Structure (Annex SL), which means their core clauses — context, leadership, planning, support, operation, performance evaluation, and improvement — map directly to each other. An integrated management system reduces duplicated effort, streamlines auditing, and produces more strategic alignment between quality, environmental, and OHS objectives.
Do we need to retain a consultant to transition to ISO 45001?
It depends on your internal capabilities and the maturity of your current system. Organizations with experienced OHS professionals who deeply understand management system standards can often lead the transition internally with targeted external support for gap analysis and pre-audit review. However, organizations without that internal expertise, or those working toward first-time certification, typically benefit significantly from working with an experienced consultant — both to accelerate the timeline and to avoid the cost of a failed certification audit.
Final Thoughts
The transition from OHSAS 18001 to ISO 45001 is not optional, and it's not cosmetic. It represents a genuine evolution in how occupational health and safety management systems are designed and led — with stronger strategic integration, unambiguous leadership accountability, and a genuine role for workers in shaping the system that protects them.
Organizations that approach the transition seriously — not as a documentation exercise but as a genuine system upgrade — will find that ISO 45001 produces a measurably stronger safety culture and more defensible regulatory compliance posture.
If your organization needs expert guidance through this transition, Certify Consulting has supported over 200 clients through ISO management system implementation with a 100% first-time audit pass rate.
Last updated: 2026-03-06
Jared Clark
Certification Consultant
Jared Clark is the founder of Certify Consulting and helps organizations achieve and maintain compliance with international standards and regulatory requirements.