ISO 45001:2018 Simplified. (Clause 7 Support)

There are six (6) implementable clauses within ISO 45001:2018

Occupational Health and Safety Management Standard.

Within this series of posts over the next six weeks we will discuss the requirements to all six clauses and the correct interpretation thereof.

Clause 7: Support This clause begins with a requirement that organizations shall determine and provide the necessary resources to establish, implement, maintain, and continually improve the OH&S management system. These cover human resources, natural resources, infrastructure, and financial resources. ISO 45001 uses the term “documented information,” instead of “documents” and “records” as used in OHSAS 18001. This reflects modern types and uses of information—cloud based, multi-media, etc.

Clause 7.1: Resources

The organisation must initially determine and provide the resources necessary to establish, implement, maintain and continually improve its OH&S management system.

The identification, procurement and provision of resources are the prerogative of senior management and their absence or diminution can be a limitation on the effectiveness of the OH&SMS.

Examples of resources include:

  • Human;
  • Natural;
  • Infrastructure;
  • Technology

Examples of infrastructure include the organisation’s:

  • Buildings;
  • Plant;
  • Equipment;
  • Utilities;
  • Information technology;
  • Communications systems;
  • Emergency containment systems.

Resources should be provided in a timely and efficient manner.

Resource allocations should consider the organisation’s current and future needs.

Clause 7.2: Competence

The organisation must determine the competence requirements for those workers that affect, or could affect, its OH&S performance. This requirement also pertains to workers operating under the control of the organisation such as contractors, agency workers, etc.

Once these competence requirements have been determined the organisation must then ensure that those workers possess the necessary competence, including the ability to identify hazards, on the basis of appropriate education, training or experience.

It is imperative that all workers have the knowledge and skills required to identify the hazards and manage the OH&S risks associated with their work and workplace.

If workers are deemed not to be competent, the organisation is required to take action (e.g. refresher/remedial training, recruitment of additional personnel or hiring/contracting of external expertise) in order to acquire the necessary competence.  The actions taken to raise competence to the required level need to be evaluated for effectiveness by means of the following mechanisms:

  • Interlocution of the workers on their understanding of their competence to perform the relevant tasks following the prescribed training;
  • Assessment of competence of the workers by observing them undertake the relevant tasks following the prescribed training;
  • Peer review or supervision following the required training.

The organisation must determine competence requirements for individual tasks and should consider the following factors in its deliberations:

  • The education,
  • training and experience required to undertake the role and the re-training necessary to maintain competence;
  • The work environment;
  • The preventive and control measures arising from the risk assessment process;
  • The requirements applicable to the OH&S management system;
  • The potential consequences of compliance and non-compliance, including the impact on the worker’s health and safety;
  • The duties and responsibilities associated with the roles;
  • The complexity and requirements of operating procedures and work instructions;
  • The results from incident investigations;
  • Legal and other requirements;
  • The necessary updating of the competence made necessary by context or work changes;Individual capabilities, including experience, language skills, literacy and diversity.

The organisation should pay particular attention to the competency requirements attached to personnel performing the following tasks:

  • Identifying hazards and conducting risk assessments;
  • Conducting audits;
  • Performing occupational exposure or noise assessments;
  • Carrying out incident investigations;
  • Performing tasks that have associated with them significant hazards and associated high risks.

When competence is acquired through training, the organisation’s training process should include:

  • Identification of training needs;
  • Preparation of a training plan or programme to address identified training needs;
  • Delivery of the training;
  • Evaluation of the effectiveness of the training;Documentation, monitoring and review of the training received.

Workers should be encouraged to assist the organisation in ascertaining the competence needed for their respective roles.

The organisation is required to retain appropriate documented information as evidence of its employees’ competence such as training records.

Clause 7.3: Awareness

Every worker should be aware of:

  • The OH&S policy and OH&S objectives;
  • Their contribution to the effectiveness of the OH&S management system, including the benefits of improved OH&S performance;
  • The implications and potential consequences of not conforming to the OH&S management system requirements;
  • Incidents and the outcomes of investigations that are relevant to them;
  • Hazards, OH&S risks and actions determined that are relevant to them;

Workers must be able to stop working without fear of reprisal if they consider that the work presents an imminent danger to their health and safety.

In addition to workers, contractors, visitors and other interested parties should be aware of the OH&S risks to which they are exposed and should also be appraised of all issues relating to the OH&S management system and OH&S performance of the organisation.

Awareness training should take account of individual worker capabilities such as literacy, language skills and maturity.

OH&S awareness can be promulgated by internal communication, visual signs and banners, campaigns, training or education, and mentoring.

Clause 7.4: Communication

7.4.1: General

The organisation must establish, implement and maintain a process or processes for internal and external communications relevant to the OH&S management system, which provides for the gathering, updating and dissemination of information and which encompasses the following:

  • What topics to communicate on;
  • When to communicate;
  • With whom to communicate (e.g. internally within the organisation and/or externally with contractors, visitors and other interested parties);
  • How to communicate.

Communications should be appropriate, comprehensible and intelligible for the audience at which it is aimed and take into account diversity aspects such as gender, language, culture, literacy and disability.

The organisation should also take into account legal and other requirements and ensure that the information to be communicated is consistent with information generated within the OH&S management system and is reliable.

Information transmitted by internal or external communications, of interest to relevant interested parties, must be available when required.

The organisation must retain documented information as evidence of its communications, as appropriate.

7.4.2: Internal communication

It is critically importance to effectively communicate information about OH&S risks and the OH&S management system, including changes to the OH&SMS, at various levels and between various functions of the organisation.

This should include information relating to:

  • Management’s commitment to the OH&S management system;
  • The identification of hazards and risks;
  • OH&S objectives and programmes to achieve them;
  • Incident investigation;
  • Progress in eliminating hazards and associated OH&S risks;
  • Operational changes that might impact the OH&S management system;
  • Progress with consultation and participation of workers;

7.4.3: External communication

The organisation should have a process in place for receiving, documenting and responding to relevant communications from external interested parties, where appropriate. Paramount to this is the development and maintenance of a process for communicating with contractors and other visitors to the workplace.

The extent of this communication should be related to the OH&S risks faced by these parties and will be further considered in clause of the standard.

Service level agreements (SLAs), contracts and pre-project OH&S planning meetings are often used to communicate on OH&S issues to external providers such as contractors, but the organisation should also use methods such as on-site induction to raise OH&S awareness amongst contractors’ workers.

In addition to communicating about specific OH&S requirements relating to on-site and off-site activities, the following should also be taken into account when communicating with external providers, particularly contractors:

  • Information about a contractor’s OH&S management system;
  • Legal and other requirements that impact on the method or extent of communication;
  • Previous OH&S performance and history of notifiable incidents;
  • The use of multiple contractors at the workplace;
  • Emergency response;
  • The need for alignment of the contractor’s OH&S practices with those of the organisation and other contractors at the workplace;
  • The need for additional consultation and/or contractual provisions relating to high-risk tasks;
  • Reporting of OH&S performance, incidents, nonconformities and corrective actions;
  • Arrangements for regular communications.

For visitors such as delivery companies, clients, members of the general public and service providers specific OH&S information needs to be communicated as follows:

  • OH&S requirements relevant to their visit;
  • Evacuation procedures and responses to alarms;
  • Traffic controls;
  • Access controls and escort function;
  • Details relating to the wearing of personal protective equipment (PPE).

External communication processes often include the identification of designated contact personnel from within the organisation. This allows for appropriate information to be communicated in a timely and consistent manner. This can be especially important in emergency situations where regular updates are required to be delivered in a clear and unambiguous manner.

Clause 7.5: Documented Information

7.5.1: General

It is important for top management to ensure that the OHSMS processes are carried out as planned and the desired results are achieved. Capturing key pieces of information in documented form can assist in this effort. Documenting how the system works helps personnel responsible for its implementation understand what they need to do and how to do it. Where a number of people are performing a process, documenting the steps can ensure consistency in the results. Documenting decisions made, OHSMS activities performed and the resulting outcomes provides evidence to demonstrate conformity to requirements and the effective implementation of the OH&S management system.

Mandatory documents include the documented information required by ISO 45001 and additional information identified by the organisation as necessary for the effective operation of its OH&S management system.

The extent of documented information for an OH&S management system can differ from one organisation to another due to:

  • The size of the organisation and the type of activities, processes, products or services it is engaged in;
  • The need to demonstrate fulfilment of legal and other requirements;
  • The complexity of the organisation’s processes and how they interact;
  • The competence of workers.

ISO 45001 has moved from prescriptive requirements for specific ‘documents’ and ‘records’ towards the more inclusive term ‘documented information’. This allows the organisation to customise its occupational health and safety documentation to better reflect its particular circumstances. There are now basically two types of documented information; “living” documents that describe how things are done within the OHSMS, and “static” records that reflect results of some activity at a particular point in time. Whether in electronic or paper format, the correct and current versions of living documents, be they procedures, work instructions, process maps, plans or programmes, need to be available to those who use them. This requires the organisation to have a process to create these documents and control their revision. Records of results need to be created, reviewed, and retained for a period of time.

The organisation should attempt to keep the complexity of the documented information at the minimum level necessary to ensure contemporaneous effectiveness, efficiency and simplicity. It should be noted that an Occupational Health and Safety Manual is no longer required by ISO 45001, but most organisations are likely to persevere with it as an integral part of their OH&S management system

7.5.2: Creating and Updating

When creating and updating documented information, the organisation must ensure appropriate:

  • Identification and description (e.g. a title, date, author or reference number);
  • Format (e.g. language, software version, graphics) and media (e.g. paper, electronic);
  • Review and approval for suitability, adequacy and effectiveness.
7.5.3: Control of Documented Information

The organisation is required to control documented information in order to ensure that it is available where needed and that it is suitable for use. It must also be adequately protected against improper use, loss of integrity and loss of confidentiality.

With reference to documented information the organisation must make decisions on its:

  • Distribution, access, retrieval and use;
  • Storage and preservation;
  • Control of any changes;
  • Retention and disposal.

The organisation is also required to identify any documented information of external origin that is considered essential for the planning and operation of its OH&S management system and ensure that it is controlled.

All of the controls described are primarily aimed at preventing unintended use of obsolete documented information.

Join our mailing list to receive upcoming posts:


Get In Touch

Scroll to Top