ISO 45001:2018 Simplified. (Clause 9 Performance evaluation)

There are six (6) implementable clauses within ISO 45001:2018

Occupational Health and Safety Management Standard.

Within this series of posts over the next six weeks we will discuss the requirements to all six clauses and the correct interpretation thereof.

Clause 9: Performance Evaluation The key change here is that this operational area in OHSAS 18001 was referred to as a “procedures;” in ISO 45001 it now referred to “processes.” Although the introduction of “processes” is a reflection of the alignment to the HLS, it also reflects the fact that an effective OH&S MS is a continually improving process. A process is a cycle, and therefore it should reflect a plan, do, check, act (PDCA) cycle and not be static. Therefore, ISO 45001 requires processes for consultation and participation, planning, hazard identification, assessment of risk, and operational control. Management reviews have to consider risks, opportunities, and trends in aspects such as consultation and participation of workers to ensure it is happening effectively, which is part of their leadership responsibility.

This clause encompasses the following:

  • Monitoring, measurement, analysis and performance evaluation;
  • Internal audit;
  • Management review.
Clause 9.1: Monitoring, Measurement, Analysis and Performance Evaluation
Clause 9.1.1 General

The organisation should have a systematic approach for measuring and monitoring its OH&S performance on a regular basis, as an integral part of its management system.

The organisation needs to monitor and measure the following in order to determine the performance of the OHSMS and evaluate its effectiveness:

  • The extent to which legal and other requirements are fulfilled including, where applicable, all applicable OH&S legislation, collective agreements, standards and codes and insurance requirements;
  • Characteristics of activities and operations related to the identified hazards, risks and opportunities;
  • Progress in the achievement of the organisation’s OH&S objectives;
  • Effectiveness of operational and other controls.

This includes the determination of the criteria against which the organisation’s OH&S performance will be evaluated, including appropriate indicators. Criteria are what the organisation uses to compare its performance against (e.g. benchmarking its OH&S performance against other organisations, standards or codes, etc.).

To measure criteria, indicators are used. For example, if the criterion is a comparison of incidents, the organisation could choose to look at frequency, type, severity or number of incidents; the indicator could be the determined rate within each one of these criteria.

The organisation must select appropriate methods for monitoring, measurement, analysis and performance evaluation in order to ensure valid results, decide when the monitoring and measurement will be performed and when the results from monitoring and measurement will be analysed, evaluated and communicated.

The organisation must ensure that monitoring and measurement equipment such as sampling pumps, noise monitors, toxic gas detection equipment, is calibrated or verified and that it is correctly used and maintained.

Insofar as measuring and monitoring are concerned, the organisation should use both reactive and proactive measures of performance but should mainly focus on proactive measures in order to drive OH&S performance improvement.

Examples of proactive measures include:

  • Assessment of compliance with legal and other requirements;
  • Evaluation of the effectiveness of OH&S training;
  • Use of worker surveys to evaluate OH&S culture and related worker satisfaction;
  • Completion of statutory and other inspection schedules;
  • The extent to which programmes have been implemented;
  • The effectiveness of the worker consultation and participation process;
  • Use of health screening.

Examples of reactive measures include:

  • Occurrence and rates of notifiable accidents and dangerous occurrences;
  • Lost time incident rates;
  • Monitoring of ill health;
  • Actions required following assessments by regulatory bodies such as the HSA/HSE.

The organisation must retain appropriate documented information as evidence of the results of monitoring, measurement, analysis and evaluation and of the maintenance, calibration or verification of measuring instruments.

Clause 9.1.2 Evaluation of Compliance

The organisation must establish, implement and maintain a process for periodically evaluating its compliance with the legal and other requirements that are applicable to its OH&S risks, as part of its commitment to compliance.  The organisation can decide to combine these evaluations or establish separate processes. This clause complements clause 6.1.3: Determination of legal requirements and other requirements.

The organisation must:

  • Determine the frequency and method for the evaluation of compliance;
  • Evaluate compliance and take action if needed;
  • Maintain knowledge and understanding of its compliance status with legal and other requirements.

A compliance evaluation programme can encompass multiple (all occupational exposure legislation) or a single legal requirement. The frequency of evaluation can be affected by factors such as past compliance performance or the frequency at which legislation is enacted or modified.

A compliance evaluation programme can be integrated with other assessment activities. These can include management system audits, environmental audits or quality assurance assessments.

It should be noted that legal compliance is the minimum standard in determining the effectiveness of the OH&S management system.

The organisation must retain documented information of the compliance evaluation results.

Clause 9.2: Internal Audit

Clause 9.2.1 General

The organisation must conduct internal audits at planned intervals to provide information on whether the OH&S management system conforms to the organisation’s own requirements for its OH&S management system, including the OH&S policy and OH&S objectives and the requirements of ISO 45001.  In addition, the audit allows the organisation to determine if its OH&S management system is effectively implemented and maintained. The extent of the audit programme should be based on the complexity and level of maturity of the OH&S management system.

Clause 9.2.2 Internal Audit Programme

The organisation must plan, establish, implement and maintain an audit programme, which contains information on:

  • The frequency that audits are conducted;
  • The methodology/protocol used (should be in general conformance with the requirements of ISO 19011:2011 Guidelines for auditing management systems);
  • Who is responsible for managing and conducting audits;
  • What consultation takes place with auditees and the general workforce;
  • How the audits are planned and implemented;
  • The format for reporting audits.

The planning of the internal audit programme must recognise the importance of the processes concerned and the results of previous audits.  This would be reflected in the audit programme being based on the results of the risk assessments of the organisation’s activities and the results of previous audits, which in turn would guide the organisation in determining the frequency of audits of particular activities, areas or functions and what parts of the OH&S management system should be given attention.

The OH&S management system audits should cover areas and activities within the scope of the OHSMS as defined by clause 4.3 of the standard and also assess conformity to ISO 45001.

The organisation must define the audit scope and audit criteria for each audit. Audit evidence should be evaluated against the audit criteria to generate the audit findings and conclusions. Audit evidence should be verifiable.

Prior to conducting the audit, the auditors should review appropriate OH&S management system documented information, and the results of prior audits. This information should be used by the organisation in planning for the audit.

The organisation must select auditors and conduct audits to ensure objectivity and the impartiality of the audit process. It can establish objectivity and impartiality of the internal audit process by creating a process that separates auditors’ roles as internal auditors from their normal assigned duties. Alternatively, it can utilise the services of external companies to conduct its internal audit programme.

After the audit is complete the auditors must ensure that the results of the audits are reported to relevant managers. In addition, relevant audit results must be reported to workers; where they exist, to workers’ representatives and to other relevant interested parties.

The organisation must take action to address non-conformities in a timely and efficient manner and continually improve its OH&S performance. The audit report should be clear, precise and comprehensive.

The organisation must retain documented information as evidence of the implementation of the audit programme and the audit results.

Clause 9.3: Management Review

This clause requires reviews of the suitability, adequacy and effectiveness of the OHSMS to be undertaken by top management at planned intervals. Management reviews are the opportunity for senior management to critically evaluate the performance of the OH&S management system to ascertain if it continues to be:

  • Suitable: does the management system fit the organisation, its operation, its culture and business systems;
  • Adequate: is the management system implemented appropriately;
  • Effective: has the management system achieved its intended outcomes.
The management review should consider the following:
  • The status of actions from previous management reviews;
  • Changes in internal and external issues that can impact on the OH&S management system such as risks and opportunities, the needs and expectations of relevant interested parties and legal and other requirements;
  • The adequacy of resources for maintaining an effective OH&S management system;
  • Relevant communications with internal and external interested parties;
  • Opportunities for continual improvement.
The reviews should also include information on the organisation’s OH&S performance including trends in:
  • The achievement of OH&S objectives;
  • Incidents, non-conformities and corrective actions;
  • Monitoring and measurement;
  • The evaluation of compliance with legal and other requirements;
  • Internal and external audits;
  • Consultation and participation of workers;
  • Risks and opportunities.

The management reviews should be carried out on a regular basis (e.g.  quarterly, semi-annually, or annually). Partial management reviews of the performance of the OHSMS can be held at more frequent intervals, if appropriate. Different reviews can address different elements of the overall management review.

The management review process should not just evaluate historical trends but should aspire to improve the OH&S performance of the organisation through the initiation of improvement actions.

Conclusions that should be drawn at the end of the management review process relate to:
  • The continuing suitability, adequacy and effectiveness of the OH&S management system in achieving its intended outcomes;
  • Opportunities for continual improvement;
  • Any need for changes to the OH&S management system;
  • Additional resources needed;
  • Any actions needed;
  • Opportunities to improve the integration of the OH&S management system with other business processes such as environment, quality, business continuity, etc.Any implications for the strategic direction of the organisation.

Top management must communicate relevant outputs from the management reviews to workers, and where they exist, workers’ representatives.

The organisation must retain documented information as evidence of the results of the management reviews.

Join our mailing list to receive upcoming posts:


Get In Touch

Scroll to Top