SIST ISO 45002:2023

INTERNATIONAL ISO
STANDARD 45002
First edition
2023-02
Occupational health and safety
management systems — General
guidelines for the implementation of
ISO 45001:2018
Systèmes de management de la santé et de la sécurité au travail —
Lignes directrices générales pour la mise en œuvre de l'ISO
45001:2018
Reference number
© ISO 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization .1
4.1 Understanding the organization and its context . 1
4.2 Understanding the needs and expectations of workers and other interested parties . 4
4.3 Determining the scope of the OH&S management system . 7
4.4 OH&S management system . 9
5 Leadership and worker participation . 9
5.1 Leadership and commitment . 9
5.2 OH&S policy . 11
5.3 Organizational roles, responsibilities and authorities .13
5.4 Consultation and participation of workers . 14
6 Planning .16
6.1 Actions to address risks and opportunities . 16
6.1.1 General . 16
6.1.2 Hazard identification and assessment of risks and opportunities . 16
6.1.3 Determination of legal requirements and other requirements .28
6.1.4 Planning action .29
6.2 OH&S objectives and planning to achieve them .30
6.2.1 OH&S objectives . 30
6.2.2 Planning to achieve OH&S objectives . 31
7 Support .33
7.1 Resources . 33
7.2 Competence . 33
7.3 Awareness . 35
7.4 Communication . 37
7.4.1 General . 37
7.4.2 Internal communication .38
7.4.3 External communication .40
7.5 Documented information . 41
7.5.1 General . 41
7.5.2 Creating and updating . 43
7.5.3 Control of documented information . 43
8 Operation . 44
8.1 Operational planning and control .44
8.1.1 General .44
8.1.2 Eliminating hazards and reducing OH&S risks. 47
8.1.3 Management of change .50
8.1.4 Procurement . 51
8.2 Emergency preparedness and response .54
9 Performance evaluation .58
9.1 Monitoring, measurement, analysis and performance evaluation .58
9.1.1 General .58
9.1.2 Evaluation of compliance . 61
9.2 Internal audit . 62
9.2.1 General . 62
9.2.2 Internal audit programme . 62
9.3 Management review .64
iii
10 Improvement .65
10.1 General .65
10.2 Incident, nonconformity and corrective action.66
10.3 Continual improvement .68
Bibliography .70
iv
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 283, Occupational health and safety
management.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
v
Introduction
An organization is responsible for the occupational health and safety (OH&S) of its workers. This
responsibility includes promoting and protecting their physical and mental health. The organization
is also responsible for taking steps to protect others who can be affected by its activities. This is best
achieved through an OH&S management system.
The purpose of an OH&S management system is to provide a framework for managing OH&S risks and
opportunities, and for managing risks and opportunities to the management system itself. The intended
outcomes of the OH&S management system are to continually improve the OH&S performance, to fulfil
legal requirements and other requirements, and to achieve the OH&S objectives.
This document gives guidance on how to implement the requirements in ISO 45001:2018 in any type
of organization and should be used in conjunction with ISO 45001:2018. Where ISO 45001:2018 states
what needs to be done, this document expands on that and gives guidance, including real-life cases, on
how it can be done. A complement to this general guidance is a handbook, see Reference [2].
The intention of ISO 45001:2018 is to enable organizations to protect all workers from injury and ill
health, regardless of individual characteristics. This document provides additional guidance on how
to ensure the specific needs of individuals and groups of workers are addressed, recognizing that a
generic approach to OH&S management can lead to the needs of different genders, age and minority
groups not being fully addressed.
Many requirements of ISO 45001:2018 contain terms such as “as appropriate”, “as applicable” or
“relevant”. These terms signal that the organization should determine whether and how the requirement
pertains to the organization, taking into account its conditions, processes or context. In this document,
the meaning of these terms is as follows:
— “as appropriate” means suitable or proper in the circumstances and implies some degree of freedom,
i.e. it is up to the organization to decide what to do;
— “as applicable” means possible to apply and implies that if it can be done, it should be done;
— “relevant” means directed and connected to the subject, i.e. pertinent.
The OH&S management system approach applied in this document is founded on the concept of Plan-Do-
Check-Act (PDCA). The PDCA concept is an iterative process used by organizations to achieve continual
improvement. It can be applied to an OH&S management system and to each of its individual elements,
as follows:
a) Plan: determine and assess OH&S risks, OH&S opportunities and other risks and other opportunities
that can influence the intended outcomes of the OH&S management system and establish OH&S
objectives and processes necessary to deliver results in accordance with the organization’s OH&S
policy.
b) Do: implement the processes as planned.
c) Check: monitor and measure activities and processes with regard to the OH&S policy and OH&S
objectives and report the results.
d) Act: take actions to continually improve the OH&S performance to achieve the intended outcomes.
The PDCA concept and relationship to this document is shown in Figure 1.
vi
NOTE The numbers given in brackets refer to the clause numbers in this document.
Figure 1 — Relationship between PDCA and the framework in this document
vii
INTERNATIONAL STANDARD ISO 45002:2023(E)
Occupational health and safety management systems —
General guidelines for the implementation of ISO
45001:2018
1 Scope
This document gives guidance on the establishment, implementation, maintenance and continual
improvement of an occupational health and safety (OH&S) management system that can help
organizations conform to ISO 45001:2018.
NOTE 1 While the guidance in this document is consistent with the ISO 45001:2018 OH&S management
system model, it is not intended to provide interpretations of the requirements in ISO 45001.
NOTE 2 The use of the term “should” in this document does not weaken any of the requirements in
ISO 45001:2018 or add new requirements.
NOTE 3 For most of the clauses in this document, there are real-life cases on how different types of
organizations have implemented the requirements. These are not intended to suggest the only or best way to do
this, but to describe one way this was done by an organization.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 45001:2018, Occupational health and safety management systems — Requirements with guidance for
use
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 45001:2018 apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
4 Context of the organization
4.1 Understanding the organization and its context
To be able to implement an effective OH&S management system, the organization needs to understand
the context within which it operates and to determine what issues can make it easier or more difficult
to achieve the intended outcomes of the OH&S management system. The intended outcomes as included
in the definition of “occupational health and safety management system” (see ISO 45001:2018, 3.11)
are to prevent injury and ill health to workers and to provide safe and healthy workplaces. It includes
enhancement of OH&S performance, fulfilment of legal requirements and other requirements, and
achievement of OH&S objectives. These are the minimal, core outcomes but an organization can
set additional intended outcomes such as going beyond the requirements of ISO 45001:2018, e.g.
encouraging a supplier to also implement an OH&S management system.
The organization should be aware that external and internal issues can change, and therefore, should be
monitored and reviewed. It is advisable for an organization to conduct reviews of its context at planned
intervals and through activities such as management review.
Examples of external issues that can affect the intended outcomes of an OH&S management system are:
— economic and financial situation, economic activity;
— business sector, markets, international commerce activities, the needs and expectations of
interested parties (contractors, insurance companies, etc.);
— supply chain requirements, including modern slavery;
— terrorist threats;
— technological innovations, equipment, products and systems evolution, the knowledge of OH&S
effects of products and work equipment;
— political and social unrest;
— legal requirements and other requirements, including legislation, sectoral agreements, conventions
and voluntary agreements subscribed to by the organization;
— institutional needs and expectations;
— the geographical location of the company;
— environmental concerns that can have an impact on health and safety, including climate change and
pollution;
— potential emergency situations including pandemics but also floods, earthquakes, etc.
Examples of internal issues that can affect the intended outcomes of an OH&S management system are:
— consultation and participation, issues raised by workers and other interested parties that can
impact the organization’s internal activities and its OH&S management system;
— internal requirements, including policies and practices, mission, vision, values, objectives, strategies,
agreements and guidelines;
— what has been known to cause injuries and ill health in the past;
— organization structure and governance model, work scope, work shifts, roles, functions and
responsibilities;
— work centres and distribution;
— demography (e.g. gender of workers, age range, racial identities, range of languages, workers with
disabilities);
— conditions and extension of services and activities;
— globalization and internalization of the company;
— cultural diversity (e.g. inclusion, racial identities and backgrounds, cultural and religious beliefs,
proficiency in languages, literacy and education levels);
— financial, human (availability, competence, etc.) and technological resources (availability and
conditions of equipment, products, facilities, systems and workplaces) and distribution of resources;
— general planning;
— processes, products and services.
An organization can choose to document this information if it wants to adopt a more structured
approach to its OH&S management system. However, the absence of such documentation should not
impact the ability of the organization to seek and demonstrate conformity to ISO 45001, where it can
evidence a structured approach by other means.
The organization can use different methodologies to determine and evaluate the external and internal
issues. One example is analysing strengths, weakness, opportunities and threats. See Clause 5 for
guidance on how to involve workers in this process.
The issues dealt with in this clause are mainly related to the impact on the OH&S management system
and are usually analysed at high levels of the organization. Specific OH&S risks are dealt with at
operational levels and are considered in 6.1.2 and 6.1.3.
EXAMPLE Real life case 1 on how to implement requirements in ISO 45001:2018, 4.1.
A diverse service organization implemented the requirements of 4.1 and made a high-level analysis of issues
by conducting a brainstorming exercise with participation from OH&S staff, other workers and worker
representatives, knowledgeable persons from various parts of the organization and someone from top
management who champions OH&S. The team discussed external and internal issues from a wide perspective
and determined which were relevant for the OH&S management system. This then served as input to identify
interested parties (see 4.2), determine scope (see 4.3), and address risks and opportunities (see 6.1).
Even though there is no requirement in ISO 45001:2018 to document the result of this context work, the
organization chose to do that anyway and ensure that the whole team agreed on the result. They created a bridge
from context to planning by documenting each relevant issue in a categorized way, stating if this was a current
or future issue, and if it had a positive or negative potential. They also put a value to its relative importance
and stated how the issue should be managed in their system (as an OH&S risk, potential emergency, risk to the
management system, other opportunity, etc.). Table 1 shows part of what they found.
This context exercise is reviewed when there are significant external or internal changes that affect the
organization or the OH&S management system and otherwise when deemed appropriate by the organization.
Table 1 — Some of the external and internal issues found
Category Issue Time Negative OH&S Managed as
frame or management
positive system
importance
Culture: Lack of OH&S interest from top Current Negative High OH&S manage-
internal management ment system risk
Workplace Working at heights with customer Current Negative Medium OH&S risk
hazard installations
Workplace Noise levels in some operations Current Negative High OH&S risk
hazard
Economy: Lack of financial resources for Future Negative Medium Currently not
internal investing in OH&S improvements managed
Activities: Inadequate chemical management Current Negative Medium OH&S risk
internal
Resources: Improvement of OH&S staff Current Positive Medium OH&S manage-
internal competence beyond requirements ment system
opportunity
Technology: New technologies for eliminating Current Positive High OH&S manage-
external hazards and mitigating OH&S risks ment system
developed opportunity
Interested Requirements from customers Future Positive High OH&S manage-
parties: regarding OH&S management ment system
external system certification opportunity
Interested Lack of participation from worker Current Negative High OH&S manage-
parties: representatives ment system risk
internal
TTabablele 1 1 ((ccoonnttiinnueuedd))
Category Issue Time Negative OH&S Managed as
frame or management
positive system
importance
Company: Poor internal OH&S Current Negative Medium OH&S manage-
internal communication ment system risk
Resources: Suppliers of OH&S protection Future Negative Medium OH&S manage-
external equipment, including personal ment system risk
protective equipment (PPE) are
not always able to deliver required
goods when there is increased
market demand
Company: Lack of specific consideration Current Negative High OH&S risk
internal for issues related to gender,
non-binary workers and other
specific groups as well as
provision for these groups
4.2 Understanding the needs and expectations of workers and other interested parties
The needs and expectations (i.e. requirements) of workers and other interested parties are important
when considering the context in which the organization operates. It is important that the organization
takes into account the characteristics of its workers and how these can affect needs and expectations.
Different genders and age groups can have very different needs and expectations than others. Minority
groups (e.g. ethnic minorities, workers with physical or mental disabilities, workers of non-traditional
gender or sexuality) also have needs and expectations which are not always recognized or understood.
Determining interested parties that are relevant to the OH&S management system and developing a
relationship with them enables communication, which can improve worker participation, remove
obstacles to participation, lead to a culture that supports OH&S, and build mutual understanding, trust
and respect.
The organization should identify the relevant needs and expectations of workers and other interested
parties, to determine those that it has to comply with and voluntary agreements that it chooses to
comply with. The methods used and resources applied can vary depending on, for example, the size
and nature of the organization, the finances available, the OH&S risks and opportunities that should be
addressed, and the organization’s experience with OH&S management.
There are three steps that are typically taken to determine what the organization should comply with:
— Step 1: Determining other relevant interested parties, in addition to workers. Workers at all levels
are always at the heart of the OH&S management system. However, other interested parties that are
relevant to the OH&S management system can include:
— trade unions and worker representatives;
— regulatory or statutory agencies;
— communities;
— owners, including investors/shareholders;
— neighbours;
— other companies related to the organization, such as contractors, suppliers or clients;
— institutional bodies, such as inspectorates, OH&S national institutes and OH&S research groups;
— other bodies or companies related to injuries or illnesses, such as social security, compensation
bodies and insurance companies;
— customers (e.g. those requiring suppliers to implement an OH&S management system or that
have specific OH&S-related requirements);
— people that can occasionally be in the facilities or under the control of the organization, such as
visitors, consultants, transport workers, and workers of contractors or suppliers.
Interested parties can change over time and can depend on the sector, industry or the geographic
location in which the organization operates. Changes in the external or internal issues that are
part of the organization’s context can also result in a change in interested parties. It can be good
practice to keep this information up to date.
— Step 2: Determining the relevant needs and expectations (i.e. requirements) of workers and other
interested parties in relation to OH&S. Examples include:
— authorities require the organization to meet legal requirements;
— workers need the organization to provide adequate training to ensure their competence to
control risks from their work or as a result of contractor(s) work;
— specific needs and expectations of, for example, women (correctly fitting PPE), workplace
environment), older workers (accessibility, training/communication methods), workers with
visible or invisible disabilities, workers from different cultural or ethnic backgrounds, and
workers with additional psychological health and safety needs (e.g. due to racial identity,
sexuality, gender or religion);
— contractors need the organization to keep them informed of all OH&S-related policies, processes
and procedures;
— regulators require the organization to provide relevant OH&S information in a timely manner;
— owners need and expect to be kept informed about the organization’s OH&S performance;
— customers require their suppliers to implement fully or partially an OH&S management system;
— suppliers require access to hazard-related information as part of contract negotiations;
— worker representatives expect the organization to provide them with information on OH&S
performance regularly.
There is no single approach to determining needs and expectations. The organization should use
an approach that is appropriate to its scope, nature and scale, and is suitable in terms of detail,
complexity, time, cost and availability of reliable data. Sources for determining worker needs and
expectations can be:
— individual or collective agreements;
— suggestions by workers or their representatives;
— surveys carried out by the organization;
— informal discussions with workers.
— Step 3: Determining which needs and expectations are, or can become, legal requirements and other
requirements:
— An organization should determine which of the relevant interested parties’ needs and
expectations it has to comply with (legal requirements), and then which of the remaining needs
and expectations it chooses to adopt (other requirements). This general, high-level knowledge
then gives input into managing legal requirements and other requirements as further detailed
in 6.1.3.
— For requirements set by a regulatory body, the organization should gain knowledge of areas of
legislation that are applicable to its circumstances and operations and relevant in the context of
ISO 45001. The organization should ensure that legislation and regulatory body requirements
relating to fairness, equality and discrimination are taken into account.
— In the case of voluntary commitments (other requirements), the organization should gain broad
knowledge of relevant needs and expectations. This knowledge enables the organization to
understand the implications these can have on the achievement of the intended outcomes of its
OH&S management system.
The organization should consider the output from the steps above when setting the scope of its OH&S
management system, establishing its OH&S policy, and addressing risks and opportunities. Although
not a requirement, it can be useful to document this information to facilitate its use to meet other
requirements in ISO 45001.
EXAMPLE 1 Real life case 1 on how to implement requirements in ISO 45001:2018, 4.2.
A medium-sized manufacturing organization identified the following interested parties during the context
analysis of its external and internal issues:
— External, on-site (sometimes): Customers, visitors, suppliers, external consultants, labour inspectors,
insurance companies, waste management companies, fire department and ambulance workers.
— External, off-site: Creditors, competitors, regulatory authorities, shareholders, social insurance agencies,
neighbours, lenders and other finance institutions, and labour organizations.
— Internal: Workers including top management, worker representatives, works council and fire brigade
members, contractors.
In the form of a brainstorming workshop, the organization then listed everything it could think of that these
different interested parties required or might require of the organization related to OH&S. Then it also listed
anything anyone in the workshop could remember that these interested parties had asked about or even shown
an interest in, in relation to OH&S. They also included requirements from the past and added things they thought
would become requirements or become important for interested parties in coming years.
The final step was to decide which of these needs and expectations the organization would need to or chose
to comply with. These included legal requirements, collective agreements, board and top management OH&S-
related decisions (although they found two that were in conflict that needed to be resolved) and contractual
agreements.
The outcome was documented in a file and was then used as a starting point for the process of going into details
about legal requirements and other requirements and how these were met by the organization (see 6.1.3).
Table 2 shows what the file contained.
Table 2
Interested party Needs and/or expects the organization to:
Workers: — provide adequate training to ensure their competence to control risks from their work
or as a result of contractor(s) work processes and procedures
— be transparent and disclose OH&S information
— recognize and appreciate good initiatives and OH&S performance
— recognize that different groups of workers (related to gender, age, disabilities etc.) can
be exposed to different OH&S risks and take steps to address these
— ensure that workers have the possibility to participate in the planning and decisions
related to the execution of work tasks
TTabablele 2 2 ((ccoonnttiinnueuedd))
Interested party Needs and/or expects the organization to:
Authorities — meet legal requirements
— provide relevant OH&S information in a timely manner
— align its OH&S management system with government objectives
— promote compliance with applicable regulations and standards to contractors
Contractors — keep them informed of all OH&S-related policies, processes and procedures
— recognize and appreciate good OH&S performance, initiatives and collaboration
Owners — keep them informed on the organization’s OH&S performance
— good communication and coordination
— implement a sustainable OH&S management system
Customers — implement an OH&S management system that they have set up as a requirement for
suppliers
— supply products that are safe to use
— supply products in time and not delayed by incidents
— take a general approach to sustainable development that includes OH&S
Suppliers — be clear and consistent on what they require in relation to OH&S in contract
negotiations
— recognize and appreciate good OH&S performance, initiatives and collaboration
Worker — ensure a safe and healthy workplace with no serious OH&S incidents
representatives
— clarify OH&S rules as well as roles and responsibilities
— provide them with information on OH&S performance on a regular basis.
EXAMPLE 2 Real life case 2 on how to implement requirements in ISO 45001:2018, 4.2.
A small service organization conducted a survey of identified interested parties during two workshops with
participation from the OH&S manager, operations manager, worker representative, human relations manager,
a lawyer and two external consultants. First, the group identified the relevant interested parties; then it listed
anything anyone in the workshop knew that these interested parties had asked or shown an interest in, in
relation to OH&S.
They also included requirements from the past and added things they thought would become requirements or
become important for interested parties in coming years.
The results of the survey were reviewed by the owner and was sent to the worker representative to ask for
further input and/or review. Based on this input the company determined what to comply with. The outcome was
shared with employees at a meeting to obtain feedback and establish a plan for implementation.
4.3 Determining the scope of the OH&S management system
To clarify what is and what is not within the scope of its OH&S management system, the organization
should determine the boundaries and applicability of the management system, using the outputs from
4.1 and 4.2, and considering its activities. Implementing an OH&S management system can be done
with respect to the entire organization or to a subdivision of the organization.
Care should be taken to consider geographical, jurisdictional, physical and organizational boundaries
when defining and documenting the scope of the OH&S management system.
The organization should understand the extent of control or influence that it can exert over activities,
products and services before deciding on the scope. However, it is critical to the success of the OH&S
management system and to the credibility of the organization to ensure that the scope is not defined in
a way that excludes activities, products, services or facilities that have or can have significant impact
on the OH&S performance. The scope should also not be set to evade legal requirements or other
requirements, or to mislead interested parties.
If the organization changes its sphere of control or influence, expands or contracts its operations, or
makes other changes likely to affect the OH&S management system, the scope should be reconsidered.
When considering the scope of the OH&S management system, it is important to understand that
outsourced functions and processes can impact the intended outcomes of the OH&S management
system. Organizations should consider these activities when scoping the boundaries of their
management system. Further detail on outsourced functions is available in 8.1.4.3.
It is good practice to make the scope available to interested parties. There are several methods for
doing so (e.g. using a written description, inclusion on a site map, an organizational diagram, a webpage,
posting a public statement).
EXAMPLE 1 Real life case 1 on how to implement requirements in ISO 45001:2018, 4.3.
A large multiple location company reviewed the requirements of ISO 45001. Following the requirements, this
company determined its external and internal issues along with the needs and expectations of interested parties.
They then decided to start with a pilot implementation of an OH&S management system at one of their locations
with all its processes. The goal was to use the experiences from this pilot to see how OH&S performance could be
improved throughout the whole organization. This decision was documented and communicated internally and
made public on the company’s website.
EXAMPLE 2 Real life case 2 on how to implement requirements in ISO 45001:2018, 4.3.
A large organization has operations in many locations globally. It has experience with implementing another
management system in steps over a number of years and this did not work out well. The main reasons for this
were that:
— both top management and the rest of the organization started to lose interest over time when only a minor
part of the organization was involved during the first 1 to 2 years;
— a high turnover of staff meant that experiences from the first implementation were difficult to carry over to
other sites;
— business challenges due to economic and market changes created issues with top management focus.
The organization decides to implement the OH&S management system throughout the whole organization in 80
locations. They are aware this is a major commitment, but injuries and ill health are an issue in many locations,
and they do not want to give the impression that safety in one location is more important than in another. Based
on their review of requirements from interested parties there is also an expectation from both the board and
from key customers that they should have an OH&S management system in place.
EXAMPLE 3 Real life case 3 on how to implement requirements in ISO 45001:2018, 4.3.
A small factory decided that implementing an OH&S management system would reduce injuries and create a
safe and healthy workplace. The owner held a meeting with its 50 employees to gather information about their
needs and expectations. The owner then considered both external and internal issues facing the company,
such as growth and scarce resources. The owner developed a plan to implement ISO 45001:2018 step by step
over a period of two years. The scope included all processes and activities of the organization, including work
currently outsourced to another organization. The owner documented the scope and the implementation plan
and communicated it at the next employee meeting. The scope and plan were also posted on their webpage for
external stakeholders.
EXAMPLE 4 Real life case 4 on how to implement requirements in ISO 45001:2018, 4.3.
A small company that designs and manufactures plastic cutlery for airlines discusses the scope for their OH&S
management system. They have one manufacturing building that occupies part of a fairly large piece of land that
was previously used for other purposes.
Modern technology has reduced the need for such a large piece of land for its core manufacturing activities, so
they decide to open a restaurant close to the manufacturing building.
At the same time, the organization decided to implement an OH&S management system at the manufacturing
plant only. The scope of the OH&S management system was defined as “Designing and manufacturing plastic
cutlery at site X”.
Although the restaurant is located on the same piece of land owned by the same company, the OH&S management
system considers the “workplace” to be only the part of the site occup
...

FINAL
INTERNATIONAL ISO/FDIS
DRAFT
STANDARD 45002
ISO/TC 283
Occupational health and safety
Secretariat: BSI
management systems — General
Voting begins on:
2022-10-28 guidelines for the implementation of
ISO 45001:2018
Voting terminates on:
2022-12-23
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-
ISO/FDIS 45002:2022(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN-
DARDS TO WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS. © ISO 2022

ISO/FDIS 45002:2022(E)
FINAL
INTERNATIONAL ISO/FDIS
DRAFT
STANDARD 45002
ISO/TC 283
Occupational health and safety
Secretariat: BSI
management systems — General
Voting begins on:
guidelines for the implementation of
ISO 45001:2018
Voting terminates on:
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
RECIPIENTS OF THIS DRAFT ARE INVITED TO
ISO copyright office
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
CP 401 • Ch. de Blandonnet 8
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
CH-1214 Vernier, Geneva
DOCUMENTATION.
Phone: +41 22 749 01 11
IN ADDITION TO THEIR EVALUATION AS
Reference number
Email: copyright@iso.org
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
ISO/FDIS 45002:2022(E)
Website: www.iso.org
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
Published in Switzerland
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN­
DARDS TO WHICH REFERENCE MAY BE MADE IN
ii
NATIONAL REGULATIONS. © ISO 2022

ISO/FDIS 45002:2022(E)
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization .1
4.1 Understanding the organization and its context . 1
4.2 Understanding the needs and expectations of workers and other interested parties . 4
4.3 Determining the scope of the OH&S management system . 7
4.4 OH&S management system . 9
5 Leadership and worker participation . 9
5.1 Leadership and commitment . 9
5.2 OH&S policy . 11
5.3 Organizational roles, responsibilities and authorities .13
5.4 Consultation and participation of workers . 14
6 Planning .16
6.1 Actions to address risks and opportunities . 16
6.1.1 General . 16
6.1.2 Hazard identification and assessment of risks and opportunities . 16
6.1.3 Determination of legal requirements and other requirements .28
6.1.4 Planning action .29
6.2 OH&S objectives and planning to achieve them .30
6.2.1 OH&S objectives . 30
6.2.2 Planning to achieve OH&S objectives . 31
7 Support .33
7.1 Resources . 33
7.2 Competence . 33
7.3 Awareness . 35
7.4 Communication . 37
7.4.1 General . 37
7.4.2 Internal communication .38
7.4.3 External communication .40
7.5 Documented information . 41
7.5.1 General . 41
7.5.2 Creating and updating . 43
7.5.3 Control of documented information . 43
8 Operation . 44
8.1 Operational planning and control .44
8.1.1 General .44
8.1.2 Eliminating hazards and reducing OH&S risks. 47
8.1.3 Management of change .50
8.1.4 Procurement . 51
8.2 Emergency preparedness and response .54
9 Performance evaluation .58
9.1 Monitoring, measurement, analysis and performance evaluation .58
9.1.1 General .58
9.1.2 Evaluation of compliance . 61
9.2 Internal audit . 62
9.2.1 General . 62
9.2.2 Internal audit programme . 62
9.3 Management review .64
iii
ISO/FDIS 45002:2022(E)
10 Improvement .65
10.1 General .65
10.2 Incident, nonconformity and corrective action.66
10.3 Continual improvement .68
Bibliography .70
iv
ISO/FDIS 45002:2022(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 283, Occupational health and safety
management.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
v
ISO/FDIS 45002:2022(E)
Introduction
An organization is responsible for the occupational health and safety (OH&S) of its workers. This
responsibility includes promoting and protecting their physical and mental health. The organization
is also responsible for taking steps to protect others who can be affected by its activities. This is best
achieved through an OH&S management system.
The purpose of an OH&S management system is to provide a framework for managing OH&S risks and
opportunities, and for managing risks and opportunities to the management system itself. The intended
outcomes of the OH&S management system are to continually improve the OH&S performance, to fulfil
legal requirements and other requirements, and to achieve the OH&S objectives.
This document gives guidance on how to implement the requirements in ISO 45001:2018 in any type
of organization and should be used in conjunction with ISO 45001:2018. Where ISO 45001:2018 states
what needs to be done, this document expands on that and gives guidance, including real-life cases, on
how it can be done. A complement to this general guidance is a handbook, see Reference [2].
The intention of ISO 45001:2018 is to enable organizations to protect all workers from injury and ill
health, regardless of individual characteristics. This document provides additional guidance on how
to ensure the specific needs of individuals and groups of workers are addressed, recognizing that a
generic approach to OH&S management can lead to the needs of different genders, age and minority
groups not being fully addressed.
Many requirements of ISO 45001:2018 contain terms such as “as appropriate”, “as applicable” or
“relevant”. These terms signal that the organization should determine whether and how the requirement
pertains to the organization, taking into account its conditions, processes or context. In this document,
the meaning of these terms is as follows:
— “as appropriate” means suitable or proper in the circumstances and implies some degree of freedom,
i.e. it is up to the organization to decide what to do;
— “as applicable” means possible to apply and implies that if it can be done, it should be done;
— “relevant” means directed and connected to the subject, i.e. pertinent.
The OH&S management system approach applied in this document is founded on the concept of Plan-Do-
Check-Act (PDCA). The PDCA concept is an iterative process used by organizations to achieve continual
improvement. It can be applied to an OH&S management system and to each of its individual elements,
as follows:
a) Plan: determine and assess OH&S risks, OH&S opportunities and other risks and other opportunities
that can influence the intended outcomes of the OH&S management system and establish OH&S
objectives and processes necessary to deliver results in accordance with the organization’s OH&S
policy.
b) Do: implement the processes as planned.
c) Check: monitor and measure activities and processes with regard to the OH&S policy and OH&S
objectives and report the results.
d) Act: take actions to continually improve the OH&S performance to achieve the intended outcomes.
The PDCA concept and relationship to this document is shown in Figure 1.
vi
ISO/FDIS 45002:2022(E)
NOTE The numbers given in brackets refer to the clause numbers in this document.
Figure 1 — Relationship between PDCA and the framework in this document
vii
FINAL DRAFT INTERNATIONAL STANDARD ISO/FDIS 45002:2022(E)
Occupational health and safety management systems —
General guidelines for the implementation of
ISO 45001:2018
1 Scope
This document gives guidance on the establishment, implementation, maintenance and continual
improvement of an occupational health and safety (OH&S) management system that can help
organizations conform to ISO 45001:2018.
NOTE 1 While the guidance in this document is consistent with the ISO 45001:2018 OH&S management
system model, it is not intended to provide interpretations of the requirements in ISO 45001.
NOTE 2 The use of the term “should” in this document does not weaken any of the requirements in
ISO 45001:2018 or add new requirements.
NOTE 3 For most of the clauses in this document, there are real-life cases on how different types of
organizations have implemented the requirements. These are not intended to suggest the only or best way to do
this, but to describe one way this was done by an organization.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 45001:2018, Occupational health and safety management systems — Requirements with guidance for
use
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 45001:2018 apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www. iso. org/o bp
— IEC Electropedia: available at https:// www.e lectropedia. org/
4 Context of the organization
4.1 Understanding the organization and its context
To be able to implement an effective OH&S management system, the organization needs to understand
the context within which it operates and to determine what issues can make it easier or more difficult
to achieve the intended outcomes of the OH&S management system. The intended outcomes as included
in the definition of “occupational health and safety management system” (see ISO 45001:2018, 3.11)
are to prevent injury and ill health to workers and to provide safe and healthy workplaces. It includes
enhancement of OH&S performance, fulfilment of legal requirements and other requirements, and
achievement of OH&S objectives. These are the minimal, core outcomes but an organization can
set additional intended outcomes such as going beyond the requirements of ISO 45001:2018, e.g.
encouraging a supplier to also implement an OH&S management system.
ISO/FDIS 45002:2022(E)
The organization should be aware that external and internal issues can change, and therefore, should be
monitored and reviewed. It is advisable for an organization to conduct reviews of its context at planned
intervals and through activities such as management review.
Examples of external issues that can affect the intended outcomes of an OH&S management system are:
— economic and financial situation, economic activity;
— business sector, markets, international commerce activities, the needs and expectations of
interested parties (contractors, insurance companies, etc.);
— supply chain requirements, including modern slavery;
— terrorist threats;
— technological innovations, equipment, products and systems evolution, the knowledge of OH&S
effects of products and work equipment;
— political and social unrest;
— legal requirements and other requirements, including legislation, sectoral agreements, conventions
and voluntary agreements subscribed to by the organization;
— institutional needs and expectations;
— the geographical location of the company;
— environmental concerns that can have an impact on health and safety, including climate change and
pollution;
— potential emergency situations including pandemics but also floods, earthquakes, etc.
Examples of internal issues that can affect the intended outcomes of an OH&S management system are:
— consultation and participation, issues raised by workers and other interested parties that can
impact the organization’s internal activities and its OH&S management system;
— internal requirements, including policies and practices, mission, vision, values, objectives, strategies,
agreements and guidelines;
— what has been known to cause injuries and ill health in the past;
— organization structure and governance model, work scope, work shifts, roles, functions and
responsibilities;
— work centres and distribution;
— demography (e.g. gender of workers, age range, racial identities, range of languages, workers with
disabilities);
— conditions and extension of services and activities;
— globalization and internalization of the company;
— cultural diversity (e.g. inclusion, racial identities and backgrounds, cultural and religious beliefs,
proficiency in languages, literacy and education levels);
— financial, human (availability, competence, etc.) and technological resources (availability and
conditions of equipment, products, facilities, systems and workplaces) and distribution of resources;
— general planning;
— processes, products and services.
ISO/FDIS 45002:2022(E)
An organization can choose to document this information if it wants to adopt a more structured
approach to its OH&S management system. However, the absence of such documentation should not
impact the ability of the organization to seek and demonstrate conformity to ISO 45001, where it can
evidence a structured approach by other means.
The organization can use different methodologies to determine and evaluate the external and internal
issues. One example is analysing strengths, weakness, opportunities and threats. See Clause 5 for
guidance on how to involve workers in this process.
The issues dealt with in this clause are mainly related to the impact on the OH&S management system
and are usually analysed at high levels of the organization. Specific OH&S risks are dealt with at
operational levels and are considered in 6.1.2 and 6.1.3.
EXAMPLE Real life case 1 on how to implement requirements in ISO 45001:2018, 4.1.
A diverse service organization implemented the requirements of 4.1 and made a high-level analysis of issues
by conducting a brainstorming exercise with participation from OH&S staff, other workers and worker
representatives, knowledgeable persons from various parts of the organization and someone from top
management who champions OH&S. The team discussed external and internal issues from a wide perspective
and determined which were relevant for the OH&S management system. This then served as input to identify
interested parties (see 4.2), determine scope (see 4.3), and address risks and opportunities (see 6.1).
Even though there is no requirement in ISO 45001:2018 to document the result of this context work, the
organization chose to do that anyway and ensure that the whole team agreed on the result. They created a bridge
from context to planning by documenting each relevant issue in a categorized way, stating if this was a current
or future issue, and if it had a positive or negative potential. They also put a value to its relative importance
and stated how the issue should be managed in their system (as an OH&S risk, potential emergency, risk to the
management system, other opportunity, etc.). Table 1 shows part of what they found.
This context exercise is reviewed when there are significant external or internal changes that affect the
organization or the OH&S management system and otherwise when deemed appropriate by the organization.
Table 1 — Some of the external and internal issues found
Category Issue Time Negative OH&S Managed as
frame or management
positive system
importance
Culture: Lack of OH&S interest from top Current Negative High OH&S manage­
internal management ment system risk
Workplace Working at heights with customer Current Negative Medium OH&S risk
hazard installations
Workplace Noise levels in some operations Current Negative High OH&S risk
hazard
Economy: Lack of financial resources for Future Negative Medium Currently not
internal investing in OH&S improvements managed
Activities: Inadequate chemical management Current Negative Medium OH&S risk
internal
Resources: Improvement of OH&S staff Current Positive Medium OH&S manage­
internal competence beyond requirements ment system
opportunity
Technology: New technologies for eliminating Current Positive High OH&S manage­
external hazards and mitigating OH&S risks ment system
developed opportunity
Interested Requirements from customers Future Positive High OH&S manage­
parties: regarding OH&S management ment system
external system certification opportunity
Interested Lack of participation from worker Current Negative High OH&S manage­
parties: representatives ment system risk
internal
ISO/FDIS 45002:2022(E)
TTabablele 1 1 ((ccoonnttiinnueuedd))
Category Issue Time Negative OH&S Managed as
frame or management
positive system
importance
Company: Poor internal OH&S Current Negative Medium OH&S manage­
internal communication ment system risk
Resources: Suppliers of OH&S protection Future Negative Medium OH&S manage­
external equipment, including personal ment system risk
protective equipment (PPE) are
not always able to deliver required
goods when there is increased
market demand
Company: Lack of specific consideration Current Negative High OH&S risk
internal for issues related to gender,
non-binary workers and other spe­
cific groups as well as
provision for these groups
4.2 Understanding the needs and expectations of workers and other interested parties
The needs and expectations (i.e. requirements) of workers and other interested parties are important
when considering the context in which the organization operates. It is important that the organization
takes into account the characteristics of its workers and how these can affect needs and expectations.
Different genders and age groups can have very different needs and expectations than others. Minority
groups (e.g. ethnic minorities, workers with physical or mental disabilities, workers of non-traditional
gender or sexuality) also have needs and expectations which are not always recognized or understood.
Determining interested parties that are relevant to the OH&S management system and developing a
relationship with them enables communication, which can improve worker participation, remove
obstacles to participation, lead to a culture that supports OH&S, and build mutual understanding, trust
and respect.
The organization should identify the relevant needs and expectations of workers and other interested
parties, to determine those that it has to comply with and voluntary agreements that it chooses to
comply with. The methods used and resources applied can vary depending on, for example, the size
and nature of the organization, the finances available, the OH&S risks and opportunities that should be
addressed, and the organization’s experience with OH&S management.
There are three steps that are typically taken to determine what the organization should comply with:
— Step 1: Determining other relevant interested parties, in addition to workers. Workers at all levels
are always at the heart of the OH&S management system. However, other interested parties that are
relevant to the OH&S management system can include:
— trade unions and worker representatives;
— regulatory or statutory agencies;
— communities;
— owners, including investors/shareholders;
— neighbours;
— other companies related to the organization, such as contractors, suppliers or clients;
— institutional bodies, such as inspectorates, OH&S national institutes and OH&S research groups;
— other bodies or companies related to injuries or illnesses, such as social security, compensation
bodies and insurance companies;
ISO/FDIS 45002:2022(E)
— customers (e.g. those requiring suppliers to implement an OH&S management system or that
have specific OH&S-related requirements);
— people that can occasionally be in the facilities or under the control of the organization, such as
visitors, consultants, transport workers, and workers of contractors or suppliers.
Interested parties can change over time and can depend on the sector, industry or the geographic
location in which the organization operates. Changes in the external or internal issues that are
part of the organization’s context can also result in a change in interested parties. It can be good
practice to keep this information up to date.
— Step 2: Determining the relevant needs and expectations (i.e. requirements) of workers and other
interested parties in relation to OH&S. Examples include:
— authorities require the organization to meet legal requirements;
— workers need the organization to provide adequate training to ensure their competence to
control risks from their work or as a result of contractor(s) work;
— specific needs and expectations of, for example, women (correctly fitting PPE), workplace
environment), older workers (accessibility, training/communication methods), workers with
visible or invisible disabilities, workers from different cultural or ethnic backgrounds, and
workers with additional psychological health and safety needs (e.g. due to racial identity,
sexuality, gender or religion);
— contractors need the organization to keep them informed of all OH&S-related policies, processes
and procedures;
— regulators require the organization to provide relevant OH&S information in a timely manner;
— owners need and expect to be kept informed about the organization’s OH&S performance;
— customers require their suppliers to implement fully or partially an OH&S management system;
— suppliers require access to hazard-related information as part of contract negotiations;
— worker representatives expect the organization to provide them with information on OH&S
performance regularly.
There is no single approach to determining needs and expectations. The organization should use
an approach that is appropriate to its scope, nature and scale, and is suitable in terms of detail,
complexity, time, cost and availability of reliable data. Sources for determining worker needs and
expectations can be:
— individual or collective agreements;
— suggestions by workers or their representatives;
— surveys carried out by the organization;
— informal discussions with workers.
— Step 3: Determining which needs and expectations are, or can become, legal requirements and other
requirements:
— An organization should determine which of the relevant interested parties’ needs and
expectations it has to comply with (legal requirements), and then which of the remaining needs
and expectations it chooses to adopt (other requirements). This general, high-level knowledge
then gives input into managing legal requirements and other requirements as further detailed
in 6.1.3.
— For requirements set by a regulatory body, the organization should gain knowledge of areas of
legislation that are applicable to its circumstances and operations and relevant in the context of
ISO/FDIS 45002:2022(E)
ISO 45001. The organization should ensure that legislation and regulatory body requirements
relating to fairness, equality and discrimination are taken into account.
— In the case of voluntary commitments (other requirements), the organization should gain broad
knowledge of relevant needs and expectations. This knowledge enables the organization to
understand the implications these can have on the achievement of the intended outcomes of its
OH&S management system.
The organization should consider the output from the steps above when setting the scope of its OH&S
management system, establishing its OH&S policy, and addressing risks and opportunities. Although
not a requirement, it can be useful to document this information to facilitate its use to meet other
requirements in ISO 45001.
EXAMPLE 1 Real life case 1 on how to implement requirements in ISO 45001:2018, 4.2.
A medium-sized manufacturing organization identified the following interested parties during the context
analysis of its external and internal issues:
— External, on-site (sometimes): Customers, visitors, suppliers, external consultants, labour inspectors,
insurance companies, waste management companies, fire department and ambulance workers.
— External, off-site: Creditors, competitors, regulatory authorities, shareholders, social insurance agencies,
neighbours, lenders and other finance institutions, and labour organizations.
— Internal: Workers including top management, worker representatives, works council and fire brigade
members, contractors.
In the form of a brainstorming workshop, the organization then listed everything it could think of that these
different interested parties required or might require of the organization related to OH&S. Then it also listed
anything anyone in the workshop could remember that these interested parties had asked about or even shown
an interest in, in relation to OH&S. They also included requirements from the past and added things they thought
would become requirements or become important for interested parties in coming years.
The final step was to decide which of these needs and expectations the organization would need to or chose
to comply with. These included legal requirements, collective agreements, board and top management OH&S-
related decisions (although they found two that were in conflict that needed to be resolved) and contractual
agreements.
The outcome was documented in a file and was then used as a starting point for the process of going into details
about legal requirements and other requirements and how these were met by the organization (see 6.1.3).
Table 2 shows what the file contained.
Table 2
Interested party Needs and/or expects the organization to:
Workers: — provide adequate training to ensure their competence to control risks from their work
or as a result of contractor(s) work processes and procedures
— be transparent and disclose OH&S information
— recognize and appreciate good initiatives and OH&S performance
— recognize that different groups of workers (related to gender, age, disabilities etc.) can
be exposed to different OH&S risks and take steps to address these
— ensure that workers have the possibility to participate in the planning and decisions
related to the execution of work tasks
ISO/FDIS 45002:2022(E)
TTabablele 2 2 ((ccoonnttiinnueuedd))
Interested party Needs and/or expects the organization to:
Authorities — meet legal requirements
— provide relevant OH&S information in a timely manner
— align its OH&S management system with government objectives
— promote compliance with applicable regulations and standards to contractors
Contractors — keep them informed of all OH&S-related policies, manner
— recognize and appreciate good OH&S performance, initiatives and collaboration
Owners — keep them informed on the organization’s OH&S performance
— good communication and coordination
— implement a sustainable OH&S management system
Customers — implement an OH&S management system that they have set up as a requirement for
suppliers
— supply products that are safe to use
— supply products in time and not delayed by incidents
— take a general approach to sustainable development that includes OH&S
Suppliers — be clear and consistent on what they require in relation to OH&S in contract
negotiations
— recognize and appreciate good OH&S performance, initiatives and collaboration
Worker — ensure a safe and healthy workplace with no serious OH&S incidents
representatives
— clarify OH&S rules as well as roles and responsibilities
— provide them with information on OH&S performance on a regular basis.
EXAMPLE 2 Real life case 2 on how to implement requirements in ISO 45001:2018, 4.2.
A small service organization conducted a survey of identified interested parties during two workshops with
participation from the OH&S manager, operations manager, worker representative, human relations manager,
a lawyer and two external consultants. First, the group identified the relevant interested parties; then it listed
anything anyone in the workshop knew that these interested parties had asked or shown an interest in, in
relation to OH&S.
They also included requirements from the past and added things they thought would become requirements or
become important for interested parties in coming years.
The results of the survey were reviewed by the owner and was sent to the worker representative to ask for
further input and/or review. Based on this input the company determined what to comply with. The outcome was
shared with employees at a meeting to obtain feedback and establish a plan for implementation.
4.3 Determining the scope of the OH&S management system
To clarify what is and what is not within the scope of its OH&S management system, the organization
should determine the boundaries and applicability of the management system, using the outputs from
4.1 and 4.2, and considering its activities. Implementing an OH&S management system can be done
with respect to the entire organization or to a subdivision of the organization.
Care should be taken to consider geographical, jurisdictional, physical and organizational boundaries
when defining and documenting the scope of the OH&S management system.
The organization should understand the extent of control or influence that it can exert over activities,
products and services before deciding on the scope. However, it is critical to the success of the OH&S
ISO/FDIS 45002:2022(E)
management system and to the credibility of the organization to ensure that the scope is not defined in
a way that excludes activities, products, services or facilities that have or can have significant impact
on the OH&S performance. The scope should also not be set to evade legal requirements or other
requirements, or to mislead interested parties.
If the organization changes its sphere of control or influence, expands or contracts its operations, or
makes other changes likely to affect the OH&S management system, the scope should be reconsidered.
When considering the scope of the OH&S management system, it is important to understand that
outsourced functions and processes can impact the intended outcomes of the OH&S management
system. Organizations should consider these activities when scoping the boundaries of their
management system. Further detail on outsourced functions is available in 8.1.4.3.
It is good practice to make the scope available to interested parties. There are several methods for
doing so (e.g. using a written description, inclusion on a site map, an organizational diagram, a webpage,
posting a public statement).
EXAMPLE 1 Real life case 1 on how to implement requirements in ISO 45001:2018, 4.3.
A large multiple location company reviewed the requirements of ISO 45001. Following the requirements, this
company determined its external and internal issues along with the needs and expectations of interested parties.
They then decided to start with a pilot implementation of an OH&S management system at one of their locations
with all its processes. The goal was to use the experiences from this pilot to see how OH&S performance could be
improved throughout the whole organization. This decision was documented and communicated internally and
made public on the company’s website.
EXAMPLE 2 Real life case 2 on how to implement requirements in ISO 45001:2018, 4.3.
A large organization has operations in many locations globally. It has experience with implementing another
management system in steps over a number of years and this did not work out well. The main reasons for this
were that:
— both top management and the rest of the organization started to lose interest over time when only a minor
part of the organization was involved during the first 1 to 2 years;
— a high turnover of staff meant that experiences from the first implementation were difficult to carry over to
other sites;
— business challenges due to economic and market changes created issues with top management focus.
The organization decides to implement the OH&S management system throughout the whole organization in 80
locations. They are aware this is a major commitment, but injuries and ill health are an issue in many locations,
and they do not want to give the impression that safety in one location is more important than in another. Based
on their review of requirements from interested parties there is also an expectation from both the board and
from key customers that they should have an OH&S management system in place.
EXAMPLE 3 Real life case 3 on how to implement requirements in ISO 45001:2018, 4.3.
A small factory decided that implementing an OH&S management system would reduce injuries and create a
safe and healthy workplace. The owner held a meeting with its 50 employees to gather information about their
needs and expectations. The owner then considered both external and internal issues facing the company,
such as growth and scarce resources. The owner developed a plan to implement ISO 45001:2018 step by step
over a period of two years. The scope included all processes and activities of the organization, including work
currently outsource
...

ISO/FDIS 45002:2022(E)
Date: 2022-0810-13
ISO TC 283/WG 3
Secretariat: BSI
Occupational health and safety management systems — General
guidelines for the implementation of ISO 45001:2018

ISO/FDIS 45002:2022(E)
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of
this publication may be reproduced or utilized otherwise in any form or by any means, electronic or
mechanical, including photocopying, or posting on the internet or an intranet, without prior written
permission. Permission can be requested from either ISO at the address below or ISO’s member body in the
country of the requester.
ISO Copyright Office
CP 401 • CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland.
ii © ISO 2022 – All rights reserved

ISO/FDIS 45002:2022(E)
Contents
Foreword . v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization . 1
4.1 Understanding the organization and its context . 1
4.2 Understanding the needs and expectations of workers and other interested parties 5
4.3 Determining the scope of the OH&S management system . 9
4.4 OH&S management system . 11
5 Leadership and worker participation . 11
5.1 Leadership and commitment . 11
5.2 OH&S policy . 13
5.3 Organizational roles, responsibilities and authorities . 15
5.4 Consultation and participation of workers . 16
6 Planning . 18
6.1 Actions to address risks and opportunities . 18
6.1.1 General . 18
6.1.2 Hazard identification and assessment of risks and opportunities . 19
6.1.3 Determination of legal requirements and other requirements . 32
6.1.4 Planning action . 35
6.2 OH&S objectives and planning to achieve them . 36
6.2.1 OH&S objectives . 36
6.2.2 Planning to achieve OH&S objectives . 37
7 Support . 38
7.1 Resources . 38
7.2 Competence . 39
7.3 Awareness . 41
7.4 Communication . 43
7.4.1 General . 43
7.4.2 Internal communication . 45
7.4.3 External communication . 46
7.5 Documented information . 47
7.5.1 General . 47
7.5.2 Creating and updating . 49
7.5.3 Control of documented information . 50
8 Operation . 51
8.1 Operational planning and control . 51
8.1.1 General . 51
8.1.2 Eliminating hazards and reducing OH&S risks . 55
8.1.3 Management of change . 58
8.1.4 Procurement . 59
8.2 Emergency preparedness and response . 62
9 Performance evaluation . 67
9.1 Monitoring, measurement, analysis and performance evaluation . 67
ISO/FDIS 45002:2022(E)
9.1.1 General . 67
9.1.2 Evaluation of compliance . 71
9.2 Internal audit . 72
9.2.1 General . 72
9.2.2 Internal audit programme . 72
9.3 Management review . 74
10 Improvement . 76
10.1 General . 76
10.2 Incident, nonconformity and corrective action . 76
10.3 Continual improvement . 79
Bibliography . 81

iv © ISO 2022 – All rights reserved

ISO/FDIS 45002:2022(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO
collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on
the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to the World
Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 283, Occupational health and safety
management.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
ISO/FDIS 45002:2022(E)
Introduction
An organization is responsible for the occupational health and safety (OH&S) of its workers. This
responsibility includes promoting and protecting their physical and mental health. The organization is
also responsible for taking steps to protect others who can be affected by its activities. This is best
achieved through an OH&S management system.
The purpose of an OH&S management system is to provide a framework for managing OH&S risks and
opportunities, and for managing risks and opportunities to the management system itself. The intended
outcomes of the OH&S management system are to continually improve the OH&S performance, to fulfil
legal requirements and other requirements, and to achieve the OH&S objectives.
This document is intended to givegives guidance on how to implement the requirements in
ISO 45001:2018 in any type of organization and should be used in conjunction with this
standard.ISO 45001:2018. Where ISO 45001:2018 states what needs to be done, this document expands
on that and gives guidance, including real-life cases, on how it can be done. A complement to this general
guidance could be theis a handbook “ISO 45001:2018 occupational health and safety management
systems - a practical guide for small organizations”., see Reference [2].
The intention of ISO 45001:2018 is to enable organizations to protect all workers from injury and ill
health, regardless of individual characteristics. This document provides additional guidance on how to
ensure the specific needs of individuals and groups of workers are addressed, recognizing that a generic
approach to OH&S management can lead to the needs of different genders, age and minority groups not
being fully addressed.
Many requirements of ISO 45001:2018 contain terms such as “as appropriate”, “as applicable“,” or
“relevant”. These terms signal that the organization should determine whether and how the requirement
pertains to the organization, taking into account its conditions, processes, or context. In this document,
the meaning of these terms is as follows:
• — “as appropriate” means: suitable or proper in the circumstances thisand implies some degree of
freedom, i.e. it is up to the organization to decide what to do,;
• — “as applicable” means: possible to apply and implies that if it can be done, it should be done. ;
• — “relevant” means: directed and connected to the subject, i.e. pertinent.
The OH&S management system approach applied in this document is founded on the concept of Plan-Do-
Check-Act (PDCA). The PDCA concept is an iterative process used by organizations to achieve continual
improvement. It can be applied to an OH&S management system and to each of its individual elements,
as follows:
a) Plan: determine and assess OH&S risks, OH&S opportunities and other risks and other opportunities
that can influence the intended outcomes of the OH&S management system and establish OH&S
objectives and processes necessary to deliver results in accordance with the organization’s OH&S
policy.
b) Do: implement the processes as planned.
c) Check: monitor and measure activities and processes with regard to the OH&S policy and OH&S
objectives and report the results.
d) Act: take actions to continually improve the OH&S performance to achieve the intended outcomes.
The PDCA concept and relationship to this document is shown in Figure 1.
vi © ISO 2022 – All rights reserved

ISO/FDIS 45002:2022(E)
NOTE The numbers given in brackets refer to the clause numbers in this document.
Figure 1 — Relationship between PDCA and the framework in this document
FINAL DRAFT INTERNATIONAL STANDARD ISO/FDIS 45002:2022(E)

Occupational health and safety management systems — General
guidelines for the implementation of ISO 45001:2018
1 Scope
This document gives guidance on the establishment, implementation, maintenance and continual
improvement of an occupational health and safety (OH&S) management system that can help
organizations conform to ISO 45001:2018.
NOTE 1 While the guidance in this document is consistent with the ISO 45001:2018 OH&S management system
model, it is not intended to provide interpretations of the requirements in ISO 45001.
NOTE 2 The use of the term “should” in this document does not weaken any of the requirements in ISO 45001:2018
or add new requirements.
NOTE 3 For most of the clauses in this document, there are real-life cases on how different types of organizations
have implemented the requirements. These are not intended to suggest the only or best way to do this, but to
describe one way this was done by an organization.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 45001:2018, Occupational health and safety management systems — Requirements with guidance for
use
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 45001:2018 apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
4 Context of the organization
4.1 Understanding the organization and its context
To be able to implement an effective OH&S management system, the organization needs to understand
the context within which it operates and to determine what issues can make it easier or more difficult to
achieve the intended outcomes of the OH&S management system. The intended outcomes as included in
ISO/FDIS 45002:2022(E)
the definition of “occupational health and safety management system” (see ISO 45001:2018;, 3.11) are to
prevent injury and ill health to workers and to provide safe and healthy workplaces. It includes
enhancement of OH&S performance, fulfilment of legal requirements and other requirements, and
achievement of OH&S objectives. These are the minimal, core outcomes but an organization can set
additional intended outcomes such as going beyond the requirements of ISO 45001:2018, e.g.
encouraging a supplier to also implement an OH&S management system.
The organization should be aware that external and internal issues can change, and therefore, should be
monitored and reviewed. It is advisable for an organization to conduct reviews of its context at planned
intervals and through activities such as management review.
Examples of external issues that can affect the intended outcomes of an OH&S management system are:
Internal issues
— economic and financial situation, economic activity;
— business sector, markets, international commerce activities, the needs and expectations of interested
parties (contractors, insurance companies, etc.);
— supply chain requirements, including modern slavery;
— terrorist threats;
— technological innovations, equipment, products and systems evolution, the knowledge of OH&S
effects of products and work equipment;
— political and social unrest;
— legal requirements and other requirements, including legislation, sectoral agreements, conventions
and voluntary agreements subscribed to by the organization;
— institutional needs and expectations;
— the geographical location of the company;
— environmental concerns that can have an impact on health and safety, including climate change and
pollution;
— potential emergency situations including pandemics but also floods, earthquakes, etc.
Examples of internal issues that can affect the intended outcomes of an OH&S management system are:
— consultation and participation, issues raised by workers and other interested parties that can impact
the organization’s internal activities and its OH&S management system;
— internal requirements:, including policies and practices, mission, vision, values, objectives, strategies,
agreements, and guidelines;
— what has been known to cause injuries and ill health in the past;
— organization structure and governance model, work scope, work shifts, roles, functions and
responsibilities;
— work centres and distribution;
2 © ISO 2022 – All rights reserved

ISO/FDIS 45002:2022(E)
— demography (e.g. gendersgender of workers, age range, racial identities, range of languages, workers
with disabilities);
— conditions and extension of services and activities;
— globalization and internalization of the company;
— cultural diversity (e.g. inclusion, racial identities and backgrounds, cultural and religious beliefs,
proficiency in languages, literacy and education levels);
— financial, human (availability, competence, etc.) and technological resources (availability and
conditions of equipment, products, facilities, systems and workplaces) and distribution of resources;
— general planning;
— processes, products and services.

External issues
• economic and financial situation, economic activity;
• business sector, markets, international commerce activities, the needs and expectations of
interested parties (contractors, insurance companies, etc.);
• supply chain requirements, including modern slavery;
• terrorist threats;
• technological innovations, equipment, products and systems evolution and the knowledge of
OH&S effects of products and work equipment;
• political and social unrest;
• legal requirements and other requirements: legislation, sectoral agreements, conventions,
voluntary agreements subscribed to by the organization;
• institutional needs and expectations;
• the geographical location of the company
• environmental concerns that can have an impact on health & safety, including climate change and
pollution:
• potential emergency situations including pandemics but also floodings, earthquakes etc.
An organization can choose to document this information if it wants to adopt a more structured approach
to its OH&S management system. However, the absence of such documentation should not impact the
ability of the organization to seek and demonstrate conformity to ISO 45001, where it can evidence a
structured approach by other means.
The organization can use different methodologies to determine and evaluate the external and internal
issues. One example is analysing strengths, weakness, opportunities and threats. See Clause 5 for
guidance on how to involve workers in this process.
The issues dealt with in this clause are mainly related to the impact on the OH&S management system
and are usually analysed at high levels of the organization. Specific OH&S risks are dealt with at
operational levels and are considered in 6.1.2 and 6.1.3.
EXAMPLE Real life case 1 on how to implement requirements in ISO 45001:2018, 4.1.
ISO/FDIS 45002:2022(E)
A diverse service organization implemented the requirements of 4.1 and made a high-level analysis of issues by
conducting a brain-stormingbrainstorming exercise with participation from OH&S staff, other workers and worker
representatives, knowledgeable persons from various parts of the organization and someone from top management
who champions OH&S. The team discussed external and internal issues from a wide perspective and determined
which were relevant for the OH&S management system. This then served as input to identify interested parties (see
4.2), determine scope (see 4.3), and address risks and opportunities (see 6.1).
Even though there is no requirement in ISO 45001:2018 to document the result of this context work, the
organization chose to do that anyway and ensure that the whole team agreed on the result. They created a bridge
from context to planning by documenting each relevant issue in a categorized way, stating if this was a current or
future issue, and if it had a positive or negative potential. They also put a value to its relative importance and stated
how the issue should be managed in their system (as an OH&S risk, potential emergency, risk to the management
system, other opportunity, etc.). Table 1 shows part of what they found.
This context exercise is reviewed when there are significant external or internal changes that affect the organization
or the OH&S management system and otherwise when deemed appropriate by the organization.
Table 1 — Some of the external and internal issues found
Category Issue Time Negative OHSMS Managed as
frame or OH&S
positive management
system
importance
Culture: Lack of OH&S interest from top Current Negative High OH&S
internal management management
system risk
Workplace Working at heights with customer Current Negative Medium OH&S risk
hazard installations
Workplace Noise levels in some operations Current Negative High OH&S risk
hazard
Economy: Lack of financial resources for Future Negative Medium Currently not
internal investing in OH&S improvements managed
Activities: Inadequate chemical management Current Negative Medium OH&S risk
internal
Resources: Improvement of OH&S staff Current Positive Medium OH&S
internal competence beyond requirements management
system
opportunity
Technology: New technologies for eliminating Current Positive High OH&S
external hazards and mitigating OH&S risks management
developed system
opportunity
Interested Requirements from customers Future Positive High OH&S
parties: regarding OH&S management management
external system certification system
opportunity
Interested Lack of participation from worker Current Negative High OH&S
parties: representatives management
internal system risk
4 © ISO 2022 – All rights reserved

ISO/FDIS 45002:2022(E)
Category Issue Time Negative OHSMS Managed as
frame or OH&S
positive management
system
importance
Company: Poor internal OH&S Current Negative Medium OH&S
internal communication management
system risk
Resources: Suppliers of OH&S protection Future Negative Medium OH&S
external equipment, including personal management
protective equipment (PPE) are not system risk
always able to deliver required
goods when there is increased
market demand
Company: Lack of specific consideration Current Negative High OH&S risk
internal for issues related to gender,
non-binary workers and other
specific groups as well as
provision for these groups
4.2 Understanding the needs and expectations of workers and other interested parties
The needs and expectations (i.e. requirements) of workers and other interested parties are important
when considering the context in which the organization operates. It is important that the organization
takes into account the characteristics of its workers and how these can affect needs and expectations.
Different genders and age groups maycan have very different needs and expectations than others.
Minority groups (e.g. ethnic minorities, workers with physical or mental disabilities, workers of non-
traditional gender or sexuality) also have needs and expectations which are not always recognized or
understood. Determining interested parties that are relevant to the OH&S management system and
developing a relationship with them enables communication, which can improve worker participation,
remove obstacles to participation, lead to a culture that supports OH&S, and build mutual understanding,
trust and respect.
The organization should identify the relevant needs and expectations of workers and other interested
parties, to determine those that it has to comply with and voluntary agreements that it chooses to comply
with. The methods used and resources applied can vary depending on, for example, the size and nature
of the organization, the finances available, the OH&S risks and opportunities that should be addressed,
and the organization’s experience with OH&S management.
There are three steps that are typically taken to determine what the organization should comply with:
— Step 1: Determining other relevant interested parties, in addition to workers. Workers at all levels
are always at the heart of the OH&S management system. However, other interested parties that are
relevant to the OH&S management system. can include:
a)— trade unions and worker representatives;
b)—regulatory or statutory agencies;
c)— communities;
d)— owners, including investors/shareholders;
e)— neighbours;
ISO/FDIS 45002:2022(E)
f)— other companies related to the organization, likesuch as contractors or, suppliers or clients;
g)— institutional bodies, likesuch as inspectorates, OH&S national institutes, and OH&S research
groups;
h)— other bodies or companies related to injuries or illnesses, likesuch as social security,
compensation bodies and insurance companies;
i)— customers (e.g. those requiring suppliers to implement an OH&S management system or that
have specific OH&S-related requirements;);
j)— people that can occasionally be in the facilities or under the control of the organization:, such as
visitors, consultants, transport workers, and workers of contractors or suppliers.
Interested parties can change over time and can depend on the sector, industry or the geographic
location in which the organization operates. Changes in the external or internal or external issues
that are part of the organization’s context can also result in a change in interested parties. It can be
good practice to keep this information up to date.
— Step 2: Determining the relevant needs and expectations (i.e. requirements) of workers and other
interested parties.
The next step is to determine the requirements (needs and expectations) of the interested parties, in
relation to OH&S. Examples of needs and expectations relevant to OH&S management can include:
— authorities require the organization to meet legal requirements;
— workers need the organization to provide adequate training to ensure their competence to
control risks from their work or as a result of contractor(s) work;
— specific needs and expectationexpectations of e.g., for example, women (correctly fitting PPE,),
workplace environment), older workers (accessibility, training/communication methods),
workers with visible or invisible disabilities, workers from different cultural or ethnic
backgrounds, and workers with additional psychological health and safety needs (e.g. due to
racial identity, sexuality, gender, or religion).);
— contractors need the organization to keep them informed of all OH&S-related policies, processes
and procedures;
— regulators require the organization to provide relevant OH&S information in a timely manner;
— owners need and expect to be kept informed onabout the organization’s OH&S performance;
— customers can require their suppliers to implement fully or partially an OH&S management
system;
— suppliers requiringrequire access to hazard-related information as part of contract negotiations;
— worker representatives expect the organization to provide them with information on OH&S
performance regularly.
There is no single approach to determining needs and expectations. The organization should use an
approach that is appropriate to its scope, nature and scale, and is suitable in terms of detail,
6 © ISO 2022 – All rights reserved

ISO/FDIS 45002:2022(E)
complexity, time, cost and availability of reliable data. Sources for determining worker needs and
expectations can be:
— individual or collective agreements;
— suggestions by workers or their representatives;
— surveys carried out by the organization;
— informal discussions with workers.
— Step 3: Determining which needs and expectations are, or can become, legal requirements and other
requirements.:
— An organization should determine which of the relevant interested parties’ needs and
expectations it has to comply with (legal requirements), and then which of the remaining needs
and expectations it chooses to adopt (other requirements). This general, high-level knowledge
then gives input tointo managing legal requirements and other requirements as further detailed
in 6.1.3.
— For requirements set by a regulatory body, the organization should gain knowledge of areas of
legislation that are applicable to its circumstances and operations and relevant in the context of
ISO 45001. The organization should ensure that legislation and regulatory body requirements
relating to fairness, equality and discrimination isare taken into account.
— In the case of voluntary commitments (other requirements), the organization should gain broad
knowledge of relevant needs and expectations. This knowledge enables the organization to
understand the implications these can have on the achievement of the intended outcomes of its
OH&S management system.
The organization should consider the output from the steps above when setting the scope of its OH&S
management system, establishing its OH&S policy, and addressing risks and opportunities. Although not
a requirement, it can be useful to document this information to facilitate its use to meet other
requirements in ISO 45001.
EXAMPLE 1 Real life case 1 on how to implement requirements in ISO 45001:2018, 4.2.
A medium-sized manufacturing organization identified the following interested parties during the context analysis
of its external and internal and external issues:
—  Internal: Workers including top management, worker representatives, works council and fire brigade
members, contractors.
—  — External, on-site (sometimes): Customers, visitors, suppliers, external consultants, labour inspectors,
insurance companies, waste management companies, fire department and ambulance workers.
— External, off-site: Creditors, competitors, regulatory authorities, shareholders, social insurance agencies,
neighbours, lenders and other finance institutions, and labour organizations.
— Internal: Workers including top management, worker representatives, works council and fire brigade
members, contractors.
In the form of a brainstorming workshop, the organization then listed everything it could think of that these
different interested parties required or might require of the organization related to OH&S. Then it also listed
anything anyone in the workshop could remember that these interested parties had asked about or even shown an
ISO/FDIS 45002:2022(E)
interest in, in relation to OH&S. They also included requirements from the past and added things they thought would
become requirements or become important for interested parties in coming years.
The final step was to decide which of these needs and expectations the organization would need to or chose to
comply with. These included legal requirements, collective agreements, board and top management OH&S-related
decisions (although they found two that were in conflict that needed to be resolved) and contractual agreements.
The outcome was documented in a file and was then used as a starting point for the process of going into details
about legal requirements and other requirements and how these were met by the organization (see 6.1.3).
Table 2 shows what the file contained.
Table 2
Interested party Needs and/or expects the organization to:
— provide adequate training to ensure their competence to control risks from their work
Workers:
or as a result of contractor(s) work processes and procedures
— be transparent and disclose OH&S information
— recognize and appreciate good initiatives and OH&S performance
— recognize that different groups of workers (related to gender, age, disabilities etc.) can
be exposed to different OH&S risks and take steps to address these
— ensure that workers have the possibility to participate in the planning and decisions
related to the execution of work tasks
— meet legal requirements
Authorities
— provide relevant OH&S information in a timely manner
— align its OH&S management system with government objectives
— promote compliance with applicable regulations and standards to contractors
— keep them informed of all OH&S-related policies, manner
Contractors
— recognize and appreciate good OH&S performance, initiatives and collaboration
— keep them informed on the organization’s OH&S performance
Owners
— good communication and coordination
— implement a sustainable OH&S management system
— implement an OH&S management system that they have set up as a requirement for
Customers
suppliers
— supply products that are safe to use
— supply products in time and not delayed by incidents
— take a general approach to sustainable development that includes OH&S
8 © ISO 2022 – All rights reserved

ISO/FDIS 45002:2022(E)
Interested party Needs and/or expects the organization to:
— be clear and consistent on what they require in relation to OH&S in contract
Suppliers
negotiations
— recognize and appreciate good OH&S performance, initiatives and collaboration
— ensure a safe and healthy workplace with no serious OHSOH&S incidents
Worker
representatives
— clarify OH&S rules as well as roles and responsibilities
— provide them with information on OH&S performance on a regular basis.
EXAMPLE 2 Real life case 2 on how to implement requirements in ISO 45001:2018, 4.2.
A small service organization conducted a survey of identified interested parties during two workshops with
participation from the OH&S manager, operations manager, worker representative, human relations manager, a
lawyer and two external consultants. First, the group identified the relevant interested parties; then it listed
anything anyone in the workshop knew that these interested parties had asked or shown an interest in, in relation
to OH&S.
They also included requirements from the past and added things they thought would become requirements or
become important for interested parties in coming years.
The results of the survey were reviewed by the owner and was sent to the worker representative to ask for further
input and/or review. Based on this input the company determined what to comply with. The outcome was shared
with employees at a meeting to obtain feedback and establish a plan for implementation.
4.3 Determining the scope of the OH&S management system
To clarify what is and what is not within the scope of its OH&S management system, the organization
should determine the boundaries and applicability of the management system, using the outputs from
clauses, 4.1 and 4.2, and considering its activities. Implementing an OH&S management system can be
done with respect to the entire organization, or to a subdivision of the organization.
Care should be taken to consider geographical, jurisdictional, physical and organizational boundaries
when defining and documenting the scope of the OH&S management system.
The organization should understand the extent of control or influence that it can exert over activities,
products and services before deciding on the scope. However, it is critical to the success of the OH&S
management system and to the credibility of the organization to ensure that the scope is not defined in a
way that excludes activities, products, services or facilities that have or can have significant impact on the
OH&S performance. The scope should also not be set to evade legal requirements or other requirements,
or to mislead interested parties.
If the organization changes its sphere of control or influence, expands or contracts its operations, or
makes other changes likely to affect the OH%&S management system, the scope should be reconsidered.
When considering the scope of the OH&S management system, it is important to understand that
outsourced functions and processes, can impact the intended outcomes of the OH&S management system.
Organizations should consider these activities when scoping the boundaries of their management system.
Further detail on outsourced functions is available in 8.1.4.3.
It is good practice to make the scope available to interested parties. There are several methods for doing
so, (e.g. using a written description, inclusion on a site map, an organizational diagram, a webpage or,
posting a public statement.).
ISO/FDIS 45002:2022(E)
EXAMPLE 1 Real life case 1 on how to implement requirements in ISO 45001:2018, 4.3.
A large multiple location company reviewed the requirements of ISO 45001. Following the requirements, this
company determined its external and internal issues along with the needs and expectations of interested parties.
They then decided to start with a pilot implementation of an OH&S management system at one of their locations
with all its processes. The goal was to use the experiences from this pilot to see how OH&S performance could be
improved throughout the whole organization. This decision was documented and communicated internally and
made public on the company’s website.
EXAMPLE 2 Real life case 2 on how to implement requirements in ISO 45001:2018, 4.3.
A large organization has operations in many locations globally. It has experience with implementing another
management system in steps over a number of years and this did not work out well. The main reasons for this were
that:
— both top management and the rest of the organization started to lose interest over time when only a minor part
of the organization was involved during the first 1 to 2 years;
— a high turnover of staff meant that experiences from the first implementation were difficult to carry over to
other sites;
— business challenges due to economic and market changes created issues with top management focus.
The organization decides to implement the OH&S management system throughout the whole organization in 80
locations. They are aware this is a major commitment, but injuries and ill health are an issue in many locations, and
they do not want to give the impression that safety in one location is more important than in another. Based on their
review of requirements from interested parties there is also an expectation from both the board and from key
customers that they should have an OH&S management system in place.
EXAMPLE 3 Real life case 3 on how to implement requirements in ISO 45001:2018, 4.3.
A small factory decided that implementing an OH&S management system would reduce injuries and create a safe
and healthy workplace. The owner held a meeting with its 50 employees to gather information about their needs
and expectations. The owner then considered both external and internal issues facing the company, such as growth
and scarce resources. The owner developed a plan to implement ISO 45001:2018 step by step over a period of two
years. The scope included all processes and activities of the organization, including work currently outsourced to
another organization. The owner documented the scope and the implementation plan and communicated it at the
next employee meeting. The scope and plan were also posted on their webpage for external stakeholders.
EXAMPLE 4 Real life case 4 on how to implement requirements in ISO 45001:2018, 4.3.
A small company that designs and manufactures plastic cutlery for airlines discusses the scope for their OH&S
management system. They have one manufacturing building that occupies part of a fairly large piece of land that
was previously used for other purposes.
Modern technology has reduced the need for such a large piece of land for its core manufacturing activities, so they
decide to open a restaurant close to the manufacturing building.
At the same time, the organization decided to implement an OH&S management system at the manufacturing plant
only. The scope of the OH&S management system was defined as “Designing and manufacturing plastic cutlery at
site X”.
Although the restaurant is located on the same piece of land owned by the same company, the OH&S management
system considers the “workplace” to be only the part of the site occupied by the manufacturing plant.
10 © ISO 2022 – All rights reserved

ISO/FDIS 45002:2022(E)
4.4 OH&S management system
This is a general clause requiring organizations to look after the OHSOH&S management system, which
can be seen as a set of processes that, if operating in a coordinated manner, will help to ensure that the
expected outcomes are achieved. Specific requirements for individual elementelements or management
system processes can be found in each of the other clauses of ISO 45001.
The level of
...

NORMA ISO
INTERNACIONAL 45002
Traducción oficial
Primera edición
2023-02
Official translation
Traduction officielle
Sistemas de gestión de la seguridad
y salud en el trabajo — Directrices
generales para la implementación de
la Norma ISO 45001:2018
Occupational health and safety management systems — General
guidelines for the implementation of ISO 45001:2018
Systèmes de management de la santé et de la sécurité au travail —
Lignes directrices générales pour la mise en œuvre de l'ISO
45001:2018
Publicado por la Secretaría Central de ISO en Ginebra, Suiza,
como traducción oficial en español avalada por el Translation
Management Group, que ha certificado la conformidad en relación
con las versiones inglesa y francesa.
Número de referencia
DOCUMENTO PROTEGIDO POR COPYRIGHT
© ISO 2023
Reservados los derechos de reproducción. Salvo prescripción diferente, no podrá reproducirse ni utilizarse ninguna parte de
esta publicación bajo ninguna forma y por ningún medio, electrónico o mecánico, incluidos el fotocopiado, o la publicación en
Internet o una Intranet, sin la autorización previa por escrito. La autorización puede solicitarse a ISO en la siguiente dirección o al
organismo miembro de ISO en el país solicitante.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Publicado en Suiza
Version espanola publicada en 2024
Traducción oficial/Official translation/Traduction officielle
ii
Índice Página
Prólogo .v
Prólogo de la versión en español. vi
Introducción .vii
1 Objeto y campo de aplicación . 1
2 Referencias normativas . 1
3 Términos y definiciones .1
4 Contexto de la organización . 1
4.1 Comprensión de la organización y de su contexto . 1
4.2 Comprensión de las necesidades y expectativas de los trabajadores y de otras
partes interesadas . 5
4.3 Determinación del alcance del sistema de gestión de la SST. 9
4.4 Sistema de gestión de la SST . 10
5 Liderazgo y participación de los trabajadores .11
5.1 Liderazgo y compromiso . 11
5.2 Política de la SST .13
5.3 Roles, responsabilidades y autoridades en la organización . 15
5.4 Consulta y participación de los trabajadores . 16
6 Planificación .18
6.1 Acciones para abordar riesgos y oportunidades . 18
6.1.1 Generalidades . 18
6.1.2 Identificación de peligros y evaluación de los riesgos y oportunidades . 18
6.1.3 Determinación de los requisitos legales y otros requisitos . 31
6.1.4 Planificación de acciones .34
6.2 Objetivos de la SST y su planificación para lograrlos.34
6.2.1 Objetivos de la SST .34
6.2.2 Planificación para lograr los objetivos de la SST .36
7 Apoyo .38
7.1 Recursos .38
7.2 Competencia .38
7.3 Toma de conciencia .40
7.4 Comunicación. 42
7.4.1 Generalidades . 42
7.4.2 Comunicación interna .44
7.4.3 Comunicación externa . 45
7.5 Información documentada .46
7.5.1 Generalidades .46
7.5.2 Creación y actualización .48
7.5.3 Control de la información documentada.49
8 Operación .50
8.1 Planificación y control operacional .50
8.1.1 Generalidades .50
8.1.2 Eliminar peligros y reducir riesgos para la SST .54
8.1.3 Gestión del cambio .56
8.1.4 Compras . 57
8.2 Preparación y respuesta ante emergencias . 61
9 Evaluación del desempeño .65
9.1 Seguimiento, medición, análisis y evaluación del desempeño .65
9.1.1 Generalidades .65
9.1.2 Evaluación del cumplimiento . 69
9.2 Auditoría interna . 70
Traducción oficial/Official translation/Traduction officielle
iii
9.2.1 Generalidades . 70
9.2.2 Programa de auditoría interna . 70
9.3 Revisión por la dirección .73
10 Mejora .74
10.1 Generalidades .74
10.2 Incidentes, no conformidades y acciones correctivas .74
10.3 Mejora continua .77
Bibliografía.79
Traducción oficial/Official translation/Traduction officielle
iv
Prólogo
ISO (Organización Internacional de Normalización) es una federación mundial de organismos
nacionales de normalización (organismos miembros de ISO). El trabajo de elaboración de las Normas
Internacionales se lleva a cabo normalmente a través de los comités técnicos de ISO. Cada organismo
miembro interesado en una materia para la cual se haya establecido un comité técnico, tiene el derecho
de estar representado en dicho comité. Las organizaciones internacionales, gubernamentales y no
gubernamentales, vinculadas con ISO, también participan en el trabajo. ISO colabora estrechamente
con la Comisión Electrotécnica Internacional (IEC) en todos los temas de normalización electrotécnica.
En la Parte 1 de las Directivas ISO/IEC se describen los procedimientos utilizados para desarrollar este
documento y aquellos previstos para su mantenimiento posterior. En particular debería tomarse nota
de los diferentes criterios de aprobación necesarios para los distintos tipos de documentos ISO. Este
documento ha sido redactado de acuerdo con las reglas editoriales de la Parte 2 de las Directivas ISO/
IEC (véase www.iso.org/directives).
Se llama la atención sobre la posibilidad de que algunos de los elementos de este documento puedan
estar sujetos a derechos de patente. ISO no asume la responsabilidad por la identificación de alguno
o todos los derechos de patente. Los detalles sobre cualquier derecho de patente identificado durante
el desarrollo de este documento se indicarán en la Introducción y/o en la lista ISO de declaraciones de
patente recibidas (véase www.iso.org/patents).
Cualquier nombre comercial utilizado en este documento es información que se proporciona para
comodidad del usuario y no constituye una recomendación.
Para una explicación de la naturaleza voluntaria de las normas, el significado de los términos específicos
de ISO y las expresiones relacionadas con la evaluación de la conformidad, así como la información
acerca de la adhesión de ISO a los principios de la Organización Mundial del Comercio (OMC) respecto a
los Obstáculos Técnicos al Comercio (OTC), véase www.iso.org/iso/foreword.html.
Este documento ha sido elaborado por el Comité Técnico ISO/TC 283, Sistemas de gestión de la seguridad
y salud en el trabajo.
Cualquier comentario o pregunta sobre este documento deberían dirigirse al organismo nacional de
normalización del usuario. En www.iso.org/members.html se puede encontrar un listado completo de
estos organismos.
Traducción oficial/Official translation/Traduction officielle
v
Prólogo de la versión en español
Este documento ha sido traducido por el Grupo de Trabajo Spanish Translation Task Force (STTF) del
Comité Técnico ISO/TC 283, Sistemas de gestión de la seguridad y salud en el trabajo, en el que participan
representantes de los organismos nacionales de normalización y otras partes interesadas, para lograr
la unificación de la terminología en lengua española en el ámbito de la gestión de la seguridad y salud en
el trabajo.
Este documento ha sido validado por el ISO/TMBG/Spanish Translation Management Group (STMG)
conformado por los siguientes países: Argentina, Bolivia, Chile, Colombia, Costa Rica, Cuba, Ecuador,
El Salvador, España, Guatemala, Honduras, República Dominicana, México, Panamá, Paraguay, Perú y
Uruguay.
Traducción oficial/Official translation/Traduction officielle
vi
Introducción
Una organización es responsable de la seguridad y salud en el trabajo (SST) de sus trabajadores. Esta
responsabilidad incluye la promoción y protección de su salud física y mental. La organización también
es responsable de tomar medidas para proteger a otros que pueden ser afectados por sus actividades.
La mejor forma de lograr esto es mediante un sistema de gestión de la SST.
El propósito de un sistema de gestión de la SST es proporcionar un marco de referencia para gestionar
los riesgos y oportunidades para la SST, y para gestionar los riesgos y oportunidades para el propio
sistema de gestión. Los resultados previstos del sistema de gestión de la SST son mejorar continuamente
el desempeño de la SST, cumplir con los requisitos legales y otros requisitos y lograr los objetivos de la
SST.
Este documento proporciona orientación sobre cómo implementar los requisitos establecidos en la
Norma ISO 45001:2018 en cualquier tipo de organización y se debería utilizar en conjunto con la Norma
ISO 45001:2018. Cuando la Norma ISO 45001:2018 establece lo que se necesita hacer, este documento
lo desarrolla más detalladamente y da orientación sobre cómo puede llevarse a cabo, incluyendo casos
reales. Existe un manual como complemento de esta orientación general, véase la Referencia [2].
La intención de la Norma ISO 45001:2018 es permitir que las organizaciones protejan a todos los
trabajadores de lesiones y deterioro de la salud, independientemente de las características individuales.
Este documento proporciona orientación adicional sobre cómo asegurar que se aborden las necesidades
específicas de las personas y de los grupos de trabajadores, reconociendo que un enfoque genérico de
la gestión de la SST puede conducir a que no se aborden en su totalidad las necesidades de diferentes
géneros, edades y grupos minoritarios.
Muchos requisitos de la Norma ISO 45001:2018 contienen términos como “según sea apropiado”,
“según sea aplicable” o “pertinente”. Estos términos indican que la organización debería determinar
si el requisito concierne a la organización y, en su caso, de qué forma lo hace, tomando en cuenta sus
condiciones, procesos o contexto. En este documento, el significado de estos términos es el siguiente:
— “según sea apropiado” significa adecuado o apropiado en las circunstancias e implica algún grado
de libertad, es decir, depende de la organización decidir qué hacer;
— “según sea aplicable” significa posible de aplicar e implica que, si se puede hacer, debería hacerse;
— "pertinente” significa dirigido y relacionado con el tema, es decir, relevante.
El enfoque del sistema de gestión de la SST aplicado en este documento se basa en el concepto de
planificar-hacer-verificar-actuar (PHVA). El concepto PHVA es un proceso iterativo utilizado por las
organizaciones para lograr la mejora continua. Puede aplicarse a un sistema de gestión de la SST y a
cada uno de sus elementos individuales, como sigue:
a) Planificar: determinar y evaluar los riesgos para la SST, las oportunidades para la SST y otros
riesgos y otras oportunidades que pueden influir en los resultados previstos del sistema de gestión
de la SST y establecer los objetivos de la SST y los procesos necesarios para conseguir resultados de
acuerdo con la política de la SST de la organización.
b) Hacer: implementar los procesos según lo planificado.
c) Verificar: hacer el seguimiento y la medición de las actividades y los procesos respecto a la política
de la SST y los objetivos de la SST, e informar sobre los resultados.
d) Actuar: tomar acciones para mejorar continuamente el desempeño de la SST para alcanzar los
resultados previstos.
El concepto PHVA y su relación con este documento se muestra en la Figura 1.
Traducción oficial/Official translation/Traduction officielle
vii
NOTA Los números proporcionados entre paréntesis hacen referencia a los números de los capítulos y
apartados en este documento.
Figura 1 — Relación entre el PHVA y el marco de referencia de este documento
Traducción oficial/Official translation/Traduction officielle
viii
NORMA INTERNACIONAL ISO 45002:2023 (traducción oficial)
Sistemas de gestión de la seguridad y salud en el trabajo —
Directrices generales para la implementación de la Norma
ISO 45001:2018
1 Objeto y campo de aplicación
Este documento proporciona orientación sobre el establecimiento, la implementación, el mantenimiento
y la mejora continua de un sistema de gestión de la seguridad y salud en el trabajo (SST) que puede
ayudar a que las organizaciones sean conformes con la Norma ISO 45001:2018.
NOTA 1 Si bien la orientación de este documento es coherente con el modelo del sistema de gestión de la SST
de la Norma ISO 45001:2018, no pretende proporcionar interpretaciones de los requisitos de la Norma ISO 45001.
NOTA 2 El uso del término “debería” en este documento no atenúa ninguno de los requisitos de la Norma
ISO 45001:2018 ni añade nuevos requisitos.
NOTA 3 Para la mayoría de los capítulos de este documento, existen casos reales sobre cómo diferentes tipos
de organizaciones han implementado los requisitos. Estos casos no pretenden sugerir que son la única o la mejor
forma de implementarlos, sino describir cómo lo ha realizado una organización.
2 Referencias normativas
En el texto se hace referencia a los siguientes documentos de manera que parte o la totalidad de su
contenido constituyen requisitos de este documento. Para las referencias con fecha, solo se aplica la
edición citada. Para las referencias sin fecha se aplica la última edición (incluida cualquier modificación
de esta).
ISO 45001:2018, Sistemas de gestión de la seguridad y salud en el trabajo — Requisitos con orientación
para su uso
3 Términos y definiciones
Para los fines de este documento, se aplican los términos y definiciones incluidos en la Norma
ISO 45001:2018.
ISO e IEC mantienen bases de datos terminológicas para su utilización en normalización en las siguientes
direcciones:
— Plataforma de búsqueda en línea de ISO: disponible en https:// www .iso .org/ obp
— Electropedia de IEC: disponible en https:// www .electropedia .org/
4 Contexto de la organización
4.1 Comprensión de la organización y de su contexto
Para poder implementar un sistema de gestión de la SST eficaz, la organización necesita comprender
el contexto en el que opera y determinar qué cuestiones pueden hacer más fácil o difícil lograr
los resultados previstos del sistema de gestión de la SST. Los resultados previstos, tal y como se
incluyen en la definición de “sistema de gestión de la seguridad y salud en el trabajo” (véase la
Norma ISO 45001:2018, 3.11), son prevenir lesiones y el deterioro de la salud de los trabajadores y
proporcionar lugares de trabajo seguros y saludables. Esto incluye la mejora del desempeño de la SST,
el cumplimiento de los requisitos legales y otros requisitos, y el logro de los objetivos de la SST. Estos
Traducción oficial/Official translation/Traduction officielle
son los resultados esenciales mínimos, pero una organización puede establecer resultados previstos
adicionales, como ir más allá de los requisitos de la Norma ISO 45001:2018, por ejemplo, animar a un
proveedor a implementar también un sistema de gestión de la SST.
La organización debería ser consciente de que las cuestiones externas e internas pueden cambiar y,
por lo tanto, debería darles seguimiento y revisarlas. Es aconsejable que la organización lleve a cabo
revisiones de su contexto a intervalos planificados y a través de actividades como la revisión por la
dirección.
Ejemplos de cuestiones externas que pueden afectar a los resultados previstos de un sistema de gestión
de la SST son:
— la situación económica y financiera, la actividad económica;
— el sector del negocio, los mercados, las actividades de comercio internacional, las necesidades y
expectativas de las partes interesadas (contratistas, compañías de seguros, etc.);
— los requisitos de la cadena de suministro, incluyendo la esclavitud moderna;
— las amenazas terroristas;
— las innovaciones tecnológicas, los equipos, la evolución de productos y sistemas, el conocimiento de
los efectos de los productos y los equipos de trabajo sobre la SST;
— los disturbios políticos y sociales;
— los requisitos legales y otros requisitos, incluyendo la legislación, los acuerdos sectoriales, los
convenios y los acuerdos voluntarios suscritos por la organización;
— las necesidades y expectativas institucionales;
— la ubicación geográfica de la compañía;
— las inquietudes ambientales que puedan tener un impacto en la salud y seguridad, incluyendo el
cambio climático y la contaminación;
— las situaciones de emergencia potenciales, incluyendo no solo pandemias, sino también inundaciones,
sismos, etc.
Ejemplos de cuestiones internas que pueden afectar a los resultados previstos de un sistema de gestión
de la SST son:
— la consulta y participación, las cuestiones planteadas por los trabajadores y otras partes interesadas
que pueden impactar las actividades internas de la organización y su sistema de gestión de la SST;
— los requisitos internos, incluyendo las políticas y prácticas, la misión, la visión, los valores, los
objetivos, las estrategias, los acuerdos y las directrices;
— lo que se sabe que ha causado lesiones y deterioro de la salud en el pasado;
— la estructura y el modelo de gobernanza de la organización, el alcance del trabajo, los horarios de
trabajo, los roles, las funciones y las responsabilidades;
— los centros de trabajo y de distribución;
— la demografía (por ejemplo, género de los trabajadores, rango de edad, identidades raciales, variedad
de lenguajes, trabajadores con discapacidad);
— las condiciones y la extensión de los servicios y actividades;
— la globalización e internacionalización de la compañía;
Traducción oficial/Official translation/Traduction officielle
— la diversidad cultural (por ejemplo, la inclusión, las identidades y los antecedentes raciales, las
creencias culturales y religiosas, el dominio de idiomas, los niveles de alfabetización y educación);
— los recursos financieros, humanos (disponibilidad, competencia, etc.) y tecnológicos (disponibilidad
y condiciones de los equipos, productos, instalaciones, sistemas y lugares de trabajo), así como la
distribución de los recursos;
— la planificación general;
— los procesos, productos y servicios.
Una organización puede elegir documentar esta información si quiere adoptar un enfoque más
estructurado para su sistema de gestión de la SST. Sin embargo, la ausencia de esta documentación
no debería impactar en la capacidad de la organización de buscar y demostrar la conformidad con la
Norma ISO 45001, cuando puede evidenciar un enfoque estructurado por otros medios.
La organización puede utilizar diferentes metodologías para determinar y evaluar las cuestiones
externas e internas. Un ejemplo de metodología es el análisis de fortalezas, debilidades, oportunidades
y amenazas. Véase el Capítulo 5 para orientación sobre cómo involucrar a los trabajadores en este
proceso.
Las cuestiones tratadas en este apartado están principalmente relacionadas con el impacto sobre el
sistema de gestión de la SST y por lo general se analizan en los niveles más altos de la organización. Los
riesgos específicos para la SST se tratan en los niveles operacionales y se consideran en los apartados
6.1.2 y 6.1.3.
EJEMPLO Caso real 1 sobre cómo implementar los requisitos de la Norma ISO 45001:2018, 4.1.
Una organización de diversos servicios implementó los requisitos del apartado 4.1 e hizo un análisis general
de las cuestiones llevando a cabo un ejercicio de lluvia de ideas con la participación del personal dedicado a la
SST, otros trabajadores y representantes de los trabajadores, personas con conocimiento de diversas áreas de
la organización y alguien de la alta dirección que lideraba la SST. El equipo debatió las cuestiones externas e
internas desde una perspectiva amplia y determinó cuáles eran pertinentes para el sistema de gestión de la SST.
Esto sirvió posteriormente como una entrada para identificar las partes interesadas (véase 4.2), determinar el
alcance (véase 4.3), y abordar los riesgos y oportunidades (véase 6.1).
A pesar de que en la Norma ISO 45001:2018, no existe un requisito de documentar los resultados de este análisis
del contexto, de todas maneras, la organización eligió hacerlo y asegurarse de que el equipo entero estaba de
acuerdo con los resultados. Ellos crearon una conexión entre el contexto y la planificación documentando cada
cuestión pertinente por categorías, identificando si se trataba de una cuestión presente o futura y determinando
si tenía un potencial positivo o negativo. También asignaron un valor a su importancia relativa y establecieron
cómo la cuestión debería ser gestionada en su sistema (como un riesgo para la SST, una emergencia potencial, un
riesgo para el sistema de gestión, otra oportunidad, etc.). La Tabla 1 muestra parte de lo que encontraron.
Este ejercicio sobre el contexto se revisa cuando existen cambios significativos externos o internos que afectan a
la organización o al sistema de gestión de la SST y, por otra parte, cuando lo considere apropiado la organización.
Traducción oficial/Official translation/Traduction officielle
Tabla 1 — Algunas de las cuestiones externas e internas encontradas
Importancia
Marco Negativo o para el sistema
Categoría Cuestión Gestionado como
temporal positivo de gestión de
la SST
Cultura: interna Falta de interés de la Actual Negativo Alta Riesgo para el siste-
alta dirección en la ma de gestión de la
SST SST
Peligro en el Trabajo en altura en Actual Negativo Media Riesgo para la SST
lugar de trabajo las instalaciones del
cliente
Peligro en el Niveles de ruido en Actual Negativo Alta Riesgo para la SST
lugar de trabajo algunas operaciones
Economía: in- Falta de recursos Futuro Negativo Media Actualmente no ges-
terna financieros para tionado
invertir en mejoras de
la SST
Actividades: Inadecuada gestión de Actual Negativo Media Riesgo para la SST
interna productos químicos
Recursos: in- Mejora de la compe- Actual Positivo Media Oportunidad para el
terna tencia del personal sistema de gestión de
dedicado a la SST más la SST
allá de los requisitos
Tecnología: Desarrollo de nuevas Actual Positivo Alta Oportunidad para el
externa tecnologías para sistema de gestión de
eliminar peligros y la SST
mitigar los riesgos
para la SST
Partes interesa- Requisitos de los Futuro Positivo Alta Oportunidad para el
das: externa clientes relacionados sistema de gestión de
con la certificación la SST
del sistema de gestión
de la SST
Partes interesa- Falta de participación Actual Negativo Alta Riesgo para el siste-
das: interna de los representantes ma de gestión de la
de los trabajadores SST
Traducción oficial/Official translation/Traduction officielle
TTaabblla 1 a 1 ((ccoonnttiinnuuaacciióón)n)
Importancia
Marco Negativo o para el sistema
Categoría Cuestión Gestionado como
temporal positivo de gestión de
la SST
Compañía: Comunicación interna Actual Negativo Media Riesgo para el siste-
interna deficiente sobre la ma de gestión de la
SST SST
Recursos: ex- Los proveedores de Futuro Negativo Media Riesgo para el siste-
terna equipos de protección ma de gestión de la
para la SST, inclu- SST
yendo equipos de
protección personal
(EPP), no siempre
tienen disponibilidad
para suministrar los
productos solicitados
cuando se incremen-
ta la demanda en el
mercado
Compañía: Falta de considera- Actual Negativo Alta Riesgo para la SST
interna ción específica para
cuestiones relacio-
nadas con el género,
trabajadores no bi-
narios y otros grupos
específicos, así como
disposiciones para
estos grupos
4.2 Comprensión de las necesidades y expectativas de los trabajadores y de otras
partes interesadas
Las necesidades y expectativas (es decir, requisitos) de los trabajadores y otras partes interesadas
son importantes cuando se considera el contexto en el cual opera la organización. Es importante que
la organización tome en cuenta las características de sus trabajadores y cómo esto puede afectar
a las necesidades y expectativas. Diferentes géneros y grupos de edades pueden tener necesidades y
expectativas muy diferentes a las de los demás. Los grupos minoritarios (por ejemplo, minorías étnicas,
trabajadores con discapacidad física o mental, trabajadores de género o sexualidad no tradicional)
también tienen necesidades y expectativas las cuales no son siempre reconocidas o entendidas.
La determinación de las partes interesadas que son pertinentes al sistema de gestión de la SST y el
desarrollo de una relación con ellos permite la comunicación, la cual puede mejorar la participación
de los trabajadores, eliminar obstáculos a la participación, conducir a una cultura que apoye la SST, y
construir un entendimiento mutuo, confianza y respeto.
La organización debería identificar las necesidades y expectativas pertinentes de los trabajadores
y otras partes interesadas, para determinar aquellas con las que tiene que cumplir, así como los
acuerdos voluntarios que elige cumplir. Los métodos utilizados y los recursos aplicados pueden variar
dependiendo de, por ejemplo, el tamaño y la naturaleza de la organización, la disponibilidad financiera,
los riesgos y oportunidades para la SST que deberían ser abordados, y la experiencia de la organización
con la gestión de la SST.
Normalmente, se siguen tres pasos para determinar con qué debería cumplir la organización:
— Paso 1: Determinar otras partes interesadas pertinentes, además de los trabajadores. Los
trabajadores en todos los niveles están siempre en el corazón del sistema de gestión de la SST. Sin
Traducción oficial/Official translation/Traduction officielle
embargo, otras partes interesadas que son pertinentes para el sistema de gestión de la SST pueden
incluir:
— sindicatos y representantes de los trabajadores;
— autoridades legales y reglamentarias;
— comunidades;
— propietarios, incluyendo inversionistas/accionistas;
— vecinos;
— otras compañías relacionadas con la organización, como contratistas, proveedores o clientes;
— organismos institucionales, como los de inspección, los institutos nacionales de la SST y los
grupos de investigación de la SST;
— otros organismos o compañías relacionados con lesiones o enfermedades, como los de seguridad
social, organismos de compensación y compañías de seguros;
— clientes (por ejemplo, aquellos que requieren que los proveedores implementen un sistema de
gestión de la SST o que tienen requisitos específicos relacionados con la SST);
— personas que pueden estar ocasionalmente en las instalaciones o bajo el control de la
organización, como visitantes, consultores, transportistas, y trabajadores de contratistas o
proveedores.
Las partes interesadas pueden cambiar con el tiempo y pueden depender del sector, industria o
ubicación geográfica en la cual la organización opera. Los cambios en las cuestiones externas o
internas que son parte del contexto de la organización pueden también resultar en cambios en las
partes interesadas. Puede ser una buena práctica mantener esta información actualizada.
— Paso 2: determinar las necesidades y expectativas pertinentes (es decir, requisitos) de los
trabajadores y otras partes interesadas con relación a la SST. Los ejemplos incluyen:
— las autoridades requieren que la organización cumpla con los requisitos legales;
— los trabajadores necesitan que la organización proporcione una formación adecuada para
asegurar su competencia para controlar riesgos de su trabajo o como resultado del trabajo de
los contratistas;
— necesidades y expectativas específicas de, por ejemplo, las mujeres (EPI que se ajuste
correctamente entorno de trabajo), trabajadores de edad avanzada (accesibilidad, métodos
de formación/comunicación), trabajadores con discapacidades, evidentes o no, trabajadores
de diferentes contextos culturales o étnicos, y trabajadores con necesidades psicológicas
adicionales en materia de salud y seguridad (por ejemplo, debido a su identidad racial sexualidad,
género o religión);
— los contratistas necesitan que la organización los mantenga informados de todas las políticas,
procesos y procedimientos relacionados con la SST;
— las autoridades reglamentarias requieren que la organización proporcione información
pertinente de la SST de manera oportuna;
— los propietarios necesitan y esperan que se les mantenga informados acerca del desempeño de
la SST de la organización;
— los clientes requieren a sus proveedores implementar total o parcialmente un sistema de gestión
de la SST;
— los proveedores requieren acceso a información relacionada con los peligros como parte de las
negociaciones contractuales;
Traducción oficial/Official translation/Traduction officielle
— los representantes de los trabajadores esperan que la organización les proporcione información
del desempeño de la SST con regularidad.
No existe un enfoque único para determinar las necesidades y expectativas. La organización debería
utilizar un enfoque que sea apropiado para su alcance, naturaleza y escala, y que sea apropiado en
términos de detalle, complejidad, tiempo, costo y disponibilidad de datos fiables. Las fuentes para
determinar las necesidades y expectativas del trabajador pueden ser:
— acuerdos individuales o colectivos;
— sugerencias de los trabajadores o de sus representantes;
— encuestas llevadas a cabo por la organización;
— debates informales con trabajadores.
— Paso 3: Determinar cuáles necesidades y expectativas son, o pueden llegar a ser, requisitos legales
y otros requisitos:
— Una organización debería determinar qué necesidades y expectativas de las partes interesadas
pertinentes tiene que cumplir (requisitos legales), y qué necesidades y expectativas restantes
decide adoptar (otros requisitos). Este conocimiento general de alto nivel proporciona entradas
para gestionar los requisitos legales y otros requisitos, como se detalla más adelante en el
apartado 6.1.3.
— Para requisitos establecidos por un organismo reglamentario, la organización debería obtener
conocimiento de áreas de la legislación que son aplicables a sus circunstancias y operaciones y
que sea pertinente en el contexto de la Norma ISO 45001. La organización debería asegurarse de
que se toma en cuenta la legislación y los requisitos de los organismos reglamentarios relativos
a la equidad, a la igualdad y a la discriminación.
— En el caso de los compromisos voluntarios (otros requisitos), la organización debería obtener
amplio conocimiento de las necesidades y expectativas pertinentes. Este conocimiento permite
a la organización entender las implicaciones que pueden tener en el logro de los resultados
previstos de su sistema de gestión de la SST.
La organización debería considerar el resultado de los pasos mencionados anteriormente en el
establecimiento del alcance de su sistema de gestión de la SST, el establecimiento de la política de la SST,
y al abordar los riesgos y oportunidades. A pesar de que no es un requisito, puede ser útil documentar
esta información para facilitar su uso en el cumplimiento de otros requisitos de la Norma ISO 45001.
EJEMPLO 1 Caso real 1 sobre cómo implementar los requisitos de la Norma ISO 45001:2018, 4.2.
Una empresa mediana manufacturera identificó las siguientes partes interesadas durante el análisis del contexto
de sus cuestiones externas e internas:
— Externas, en las instalaciones (algunas ocasiones): Clientes, visitantes, proveedores, consultores externos,
inspectores de trabajo, compañías aseguradoras, compañía de gestión de residuos, trabajadores del
departamento de bomberos y ambulancias.
— Externas, fuera de las instalaciones: Acreedores, competidores, autoridades reglamentarias, accionistas,
agencias de seguridad social, vecinos, prestamistas y otras instituciones financieras y organizaciones de
derechos laborales.
— Internas: Trabajadores incluyendo la alta dirección, representantes de los trabajadores, comité de trabajadores
y miembros de la brigada contra incendios, contratistas.
En la forma de un taller de lluvia de ideas, la organización después listó todo lo que se pensó que las diferentes
partes interesadas requirieron o podrían requerir de la organización con relación a la SST. También listó cualquier
cosa que cualquiera pudo recordar en el taller acerca de lo que estas partes interesadas habían solicitado o
incluso habían mostrado interés con relación a la SST. También incluyeron requisitos pasados y añadieron cosas
que pensaron que se convertirían en requisitos o llegarían a ser importantes para las partes interesadas en los
años venideros.
Traducción oficial/Official translation/Traduction officielle
El paso final fue decidir cuáles de estas necesidades y expectativas la organización necesitaría o elegiría cumplir.
Esto incluyó los requisitos legales, convenios colectivos, decisiones del consejo y de la alta dirección relacionadas
con la SST (a pesar de que encontraron dos que estaban en conflicto que necesitaban ser resueltos) y acuerdos
contractuales.
El resultado fue documentado en un archivo y fue utilizado como punto de partida para el proceso de detallar
requisitos legales y otros requisitos y cómo estos fueron satisfechos por la organización (véase 6.1.3).
La Tabla 2 muestra lo que contenía el archivo.
Tabla 2
Parte interesada Necesita y/o espera que la organización:
Trabajadores — proporcione formación adecuada para asegurar su competencia para controlar
riesgos de su trabajo o como resultado de los procesos y procedimientos de los
contratistas
— sea transparente y divulgue la información de la SST
— reconozca y aprecie las buenas iniciativas y el desempeño de la SST
— reconozca que diferentes grupos de trabajadores (relacionados con género,
edad, discapacidades, etc.) pueden estar expuestos a diferentes riesgos para la
SST y que lleve a cabo pasos para abordarlos
— asegure que los trabajadores tengan la posibilidad de participar en la
planificación y decisiones relacionadas con la ejecución de las tareas laborales
Autoridades — cumpla los requisitos legales
— proporcione información pertinente de la SST de manera oportuna
— alinee su sistema de gestión de la SST con los objetivos gubernamentales
— promueva el cumplimiento con las reglamentaciones y normas aplicables por
parte de los contratistas
Contratistas — los mantenga informados de todas las políticas, procesos y procedimientos
relacionados con la SST
— reconozca y aprecie el buen desempeño de la SST, iniciativas y colaboración
Propietarios — los mantenga informados sobre el desempeño de la SST de organización
— tenga una buena comunicación y coordinación
— implemente un sistema de gestión de la SST sostenible
Clientes — implemente un sistema de gestión de la SST que ellos hayan establecido como
un requisito para los proveedores
— proporcione productos que son seguros para su uso
— proporcione productos en tiempo y sin retrasos debido a incidentes
— tome un enfoque general de desarrollo sostenible que incluya la SST
Proveedores — sea clara y coherente en lo que ellos requieren en las negociaciones
contractuales con relación a la SST
— reconozca y aprecie el buen desempeño de la SST, iniciativas y colaboración
Representantes de — asegur
...