ISO 45001:2018 - Safety Management System


The ISO 45001 standard is characterized by a strategic approach to risk and addressed to organizations of all sizes and product sectors: it defines a particularly flexible and generally applicable management system model, whose primary purpose is to promote the best practices of occupational safety and health management in harmony with the current needs of individual companies, taking into account the reference context and taking into consideration all interested parties.
The ISO 45001 standard is structured according to a Risk Management approach and is based on Plan-Do-Check-Act (PDCA) methodology.


The structure is typical of ISO standards, according to the following model :


Context analysis and stakeholder expectations

The standard requires to consider the cultural, social, political, legal, financial context and to carry out an accurate mapping of stakeholders and stakeholders not only within the organization but also of the external ones; among these, by way of non-exhaustive example, the community, institutions, suppliers and contractors may be included.

In defining the scope of application of the SGSSL the Organization must therefore take into account what emerged from the analysis of its own context. It is therefore necessary to determine the relevant internal and external aspects that may affect the ability to achieve the defined objectives in terms of health and safety at work.



In ISO 45001, the role of top management (Alta Direzione) was emphasized as a fundamental key in the development and implementation of a management system for occupational health and safety. The top management must make the necessary resources available (both in terms of material and economic resources and in terms of personnel) in order to define the roles and responsibilities based on the activities of the organization, taking into account the profiles and skills of the personnel.
Senior management must demonstrate leadership and commitment by taking full responsibility for preventing accidents, injuries and occupational diseases; it must therefore ensure that the policies and objectives are established and that these are compatible with the strategic guidelines, identifying and defining the necessary resources.


Safety and Health Policy

As with the BS OHSAS 18001 standard, a formal document is also required for ISO 45001, as an expression of commitment by top management, which constitutes a reference framework for setting OSH objectives, including the commitment to eliminate hazards and reduce risks and meet legal requirements and other requirements.


Consultation and participation of workers

The involvement of all the organization's personnel is a determining factor in the application of the standard.
In perfect harmony with Legislative Decree n. 81/08, also in ISO 45001 the need to involve personnel in all elements of the management system, from risk analysis, to accident investigations, to the definition of improvement objectives, directly and / or through the RLS.
An important aspect is the consultation of staff and contractors and more generally to stakeholders. In particular, the organization requires effective consultation and participation of workers at all levels, including operational functions, in the development, planning, implementation and performance evaluation.


Actions to address risks and opportunities; goals and actions to achieve them

The organization, based on the preliminary analysis of the context and therefore taking into consideration the interested parties, must determine the risks and opportunities for improvement for the organization based on the identified hazards, the risks and opportunities assessed, the legal requirements and the other requirements.
Particular emphasis was given to the management of changes, be they permanent or temporary, in fact the standard provides, in the event of planned changes, an evaluation before the change is implemented.
The objectives must be consistent with the strategic guidelines, be measurable and able to provide a performance evaluation; it is therefore necessary to formalize an activity plan that includes the resources required, the managers and the timing.


Competence and awareness

The organization must determine the necessary competences of the workers who influence or may influence the performance of OSH; ensure an adequate degree of competence of workers. It remains therefore the responsibility of the management to take any action to acquire and maintain the necessary skills and to evaluate the effectiveness of the actions undertaken.
Particular attention is in fact given to the activities related to training both as regards that aimed at the management systems and the relative one to risks in the workplace.
Similarly to Legislative Decree no. 81/2008, training on the safety management system must be calibrated on the basis of skills, responsibilities, roles, language knowledge and specific risks.


Operational control and emergency response

The standard expressly requires the organization to define appropriate processes for the elimination of hazards and risk reduction, according to a precise "hierarchy of prevention and protection measures", this aspect, in full spirit with the provisions of Legislative Decree 81/2008.
These processes must include not only the ordinary activities of the organization, but must include and monitor any situations such as the formulation of new products, services, machines and equipment and, more generally, changes to the process. productive, including organizational ones, which have an impact on health and safety aspects.

Furthermore, it is required that the procurement process of products and services, its outsourcing agreements are kept under control, monitored and evaluated periodically and are consistent with the legal requirements and other requirements and with the achievement of the expected results of the SGSSL. to routine activities, the organization must prepare the processes necessary to prepare and respond to non-routine situations and potential emergency situations; it must therefore be equipped with adequate tools for an effective response to emergencies.
As already envisaged in the planning phase, the activities concerning the management of modifications must be carried out under controlled conditions as planned.



The organization must define adequate processes for internal or external communications, determining the content, timing, recipients and methods. Effective management of information flows is essential, involving not only employees but also contractors, visitors and all stakeholders.


Performance measurement and control

In order to measure the actual performance of the management system, it is necessary to identify suitable indicators of the company processes in order to use objective parameters to make an assessment. The execution of systematic and planned inspections will allow to verify the correct implementation of the measures undertaken, the effectiveness of the operational controls, the progress towards the achievement of the objectives.


Analysis of accidents and near accidents

It is necessary to provide a methodology for an analysis and systematic evaluation of the "root causes" (ie the direct and indirect initial causes) of accidents and near accidents. It requires the adoption of actions aimed at preventing the occurrence of accidental situations, also taking into consideration significant incidents that occurred, internal or external.


Internal audits

The main control tool are the internal audits (audits) that must be carried out both at the Management level with periodic deadlines and at the operational level with appropriately trained company personnel.
Internal audits provide the tool to determine if the System thus structured complies with the plan for the management of safety issues.
Similarly to what is required by Legislative Decree n. 81/08, top management must ensure that the results of the audits are reported to the managers and workers involved (also through the Workers' Safety Representative)


Review by the Management

Periodically, and in any case at defined intervals, the Top Management must carry out reviews, or a formal assessment, of the state of the Safety Management System against the objectives established by the Company Policy, in order to ensure its continuous adequacy and effectiveness .
The conclusions that derive from these reviews will be used by the Management to highlight any need to improve the pro-active approach of the Organization aimed at minimizing the risk and improving its performance.
In conclusion, therefore, a substantial analogy between what already provided for by Legislative Decree n. 81/08 and many of the requirements of the ISO 45001 standard. The application of the standard is therefore the natural evolution of legislative elements now known and applied to organizations and its application favors the strategic approach to risk management or starting from identification and evaluation .