Better Organisational Habits: System Readiness for ISO 45001

ISO 45001 helps organisations everywhere to protect their employees and the public, provide safer working environments, prevent deaths, injuries and diseases while at the same time participating in supply chains, mitigating broader risks, safeguarding reputation and improving efficiency and productivity.

By implementing ISO 45001, companies will become more transparent, accountable and resilient. Management will have better situational awareness and the operational intelligence that is necessary for the organisation to thrive.


The big changes of emphasis between ISO 45001 and OHSAS 18001 can be summarised as:

  • More flexibility around the documentation and structuring of the management system, for example in the requirement for information rather than procedures. Similarly, since the overall purpose of the standard is preventive there is no requirement to state specific preventive activities.
  • The focus on organisational context (clause 4), including internal and external issues and stakeholder needs. This finds its highest expression in the requirement for leadership involvement and grass-roots participation throughout the organisation.
  • The emphasis of risk-basis, like ISO 9001:2015, puts greater emphasis on risk modelling and hazard and opportunity identification at the planning stage (6.1), control management (8.1), change management (8.2) and the risky business of outsourcing and supplier management (8.3-5).


ISO 45001:2018 requires that you adopt a risk-based approach to safety. In a risk-based OH&S Management System, risks related to policies, procedures, assets, suppliers or other such entities within the system can be identified and their associated threats, controls and consequences can be recorded and the risks managed throughout their complete lifecycle.

This requires the modelling of incidents as risks that consist of the undesirable event plus the preventive barriers and mitigating controls. Each risk can exist as a document within the repository. It can be created collaboratively, edited, approved, published, distributed, reviewed and withdrawn. When new information becomes available that can strengthen a preventive barrier, it simply becomes a matter of updating the control description in the relevant procedure document.

This approach to risk documentation and management, using Q-Pulse’s Documents module is one – albeit rather limited – way that you can start to think about and align with the new ISO 45001:2018 standard. The process is the same regardless of the scale and context of the risk:

  • define the failure
  • define the preventive controls
  • define the mitigations
  • document these definitions and procedures and
  • use the Q-Pulse Document Control, CA/PA and Audit modules to manage all of this

However, with a document-based risk management system, emerging risk would not be visible. To make this emerging risk profile visible requires a more powerful risk management capability such as that available in Q-Pulse’s Reporting module.

In addition to a basic process management approach, Q-Pulse’s Reporting module embeds risk assessment and management into the operational reporting process. In responding to an event, the Reporting module includes risk assessment and analysis tools that enable:

  • Risk assessment throughout the investigation process
  • Automatic visibility of new events and investigations
  • Attachment of new evidence to support the investigation process
  • Manage findings and outcomes
  • Analysis for continuous improvement and risk mitigation purposes

In addition, organisations can fully implement a risk-based approach to safety management using the risk modelling and management capabilities of Q-Pulse’s Risk module.

The graphical visualisation features of the Risk module help drive communication about risk and increase overall adoption of the OH&S Management System:

  • Widespread understanding of risk across the organisation – from the most junior to the most senior
  • Real time visibility of the organisation’s risk profile
  • Effective leadership oversight of all risks and the effectiveness of the controls in place
  • Instant understanding of the impact and extent of change to any controls
  • The sharing of lessons learned and best practice across the entire organisation

The Risk module uses the bowtie model to graphically illustrate a risk, including the undesirable events to be avoided, the preventive and recovery controls that mitigate the business risk. The result is a solution that supports dynamic risk management where controls are maintained in real time.

As well as defining and managing risks inside documents in the Documents module, Q-Pulse’s Risk module can use risk registers where risks can be recorded, described and visualised in terms of the hazards or assets they relate to and where undesirable events are represented as threats, consequences and controls.


The benefits of compliance with ISO 45001 include improved safety and wellbeing of staff and the public, reduced costs associated with improved safety, better relationships with customers and suppliers and more efficient business processes. The risk-based approach to compliance inherent in ISO 45001 adds significantly to this via the anticipative, proactive attitude it engenders:

  • Modernising and strengthening your OH&S Management System
  • Strengthening safety culture and risk awareness
  • Anticipating problems and prevent them before they emerge
  • Strengthening control and oversight of operational processes
  • Making a step change improvement in operational performance and efficiency
  • Strengthening processes for reputation and brand protection

Ideagen’s quality, safety and risk management software Q-Pulse offers a complete solution to achieving ISO 45001 conformance.

Download the Better Organisational Habits: System Readiness for ISO 45001 whitepaper.

Download now