We prepare your ISO 45001
gap assessment
Our EHS specialists conduct a full ISO 45001:2018 gap assessment for your organization — covering all 10 clauses, identifying compliance gaps, and delivering a prioritized action plan to achieve certification.
✓ All 10 clauses assessed ✓ Prioritized action plan ✓ Fixed fee, fast turnaround
What is ISO 45001?
ISO 45001:2018 is the international standard for occupational health and safety management systems (OHSMS). It replaced OHSAS 18001 as the global benchmark for OH&S management and is used by more than 300,000 organizations worldwide.
Certification to ISO 45001 signals to customers, insurers, and regulators that your organization systematically manages workplace safety risks — not just reacts to incidents.
For US businesses, ISO 45001 certification complements OSHA compliance — the standard's systematic approach to hazard identification and risk control aligns directly with OSHA's expectations for proactive safety management.
The ISO 45001 certification journey
Stage 1
1–2 days on-site or remote
Auditor reviews your documented information — policies, procedures, risk register, legal register, objectives. Verifies scope and readiness for Stage 2.
Preparation tips
- Ensure all required documented information is complete and current
- Have your scope statement clearly defined
- Demonstrate your legal and other requirements register is comprehensive
- Show evidence of management commitment beyond a signed policy
Stage 2
2–5 days on-site (varies by organization size)
Auditor verifies the OHSMS is effectively implemented throughout the organization. Worker interviews, site observations, and record sampling.
Preparation tips
- Train workers on the ISO 45001 policy and their responsibilities
- Have operational records (training records, inspection logs, incident investigations) organized and accessible
- Demonstrate worker participation — not just management talking
- Show that risk assessments drive actual operational controls
Surveillance
Annual (Years 1 and 2 of 3-year cycle)
Confirms the system continues to function effectively. Focuses on areas identified in Stage 2 and any significant changes.
Preparation tips
- Maintain momentum after certification — don't let the system slide
- Track and close corrective actions from the previous audit
- Document continual improvement activities throughout the year
- Keep your legal register updated as OSHA regulations change
Clause-by-clause audit checklist
For each clause, the key requirement and the typical audit question your certification auditor will be asking.
Understanding the organization and its context
“Can you demonstrate a structured analysis of internal and external issues affecting your OH&S objectives?”
Understanding the needs of workers and interested parties
“Is there a documented register of interested parties and their relevant requirements?”
Determining the scope of the OH&S MS
“Is the scope clearly defined, documented, and available to interested parties?”
OH&S management system
“Is there evidence that the OHSMS is established, implemented, maintained, and continually improved?”
Leadership and commitment
“Can top management demonstrate active commitment — not just a signed policy, but measurable involvement?”
OH&S policy
“Is the policy documented, communicated, available to workers, current, and signed by top management?”
Organizational roles, responsibilities, and authorities
“Are EHS roles and responsibilities assigned, documented, and communicated at all levels?”
Consultation and participation of workers
“Are there mechanisms for workers at all levels to participate in hazard identification, incident investigation, and system improvement?”
General planning for risks and opportunities
“Is there a process to determine risks and opportunities that need to be addressed?”
Hazard identification
“Is hazard identification systematic, ongoing, and covering routine/non-routine activities and emergencies?”
Assessment of OH&S risks and opportunities
“Is there a documented risk assessment methodology with risk scoring and residual risk evaluation?”
Determination of legal and other requirements
“Is there a legal register covering all applicable OSHA standards, EPA requirements, and state regulations?”
OH&S objectives and planning to achieve them
“Are objectives measurable, monitored, communicated, and supported by action plans with owners and due dates?”
Resources
“Are adequate resources (financial, human, infrastructure) provided for the OH&S management system?”
Competence
“Is there a competency matrix? Are training records maintained and verified for all safety-critical roles?”
Awareness
“Do workers demonstrate awareness of the OH&S policy, their contribution, the consequences of non-conformance?”
Communication
“Are there documented processes for internal and external OH&S communication? Is communication two-way?”
Documented information
“Is documented information controlled, protected from unintended alterations, and retrievable? Version control in place?”
Operational planning and control
“Are operational controls established for all significant hazards, including documented procedures where absence could lead to deviation?”
Eliminating hazards and reducing risks
“Is the hierarchy of controls applied systematically, with documented rationale for control selection?”
Management of change
“Is there a formal MOC process evaluating OH&S implications before changes are implemented?”
Procurement and contractors
“Are contractor pre-qualification, site induction, and ongoing oversight procedures documented and followed?”
Emergency preparedness and response
“Are emergency scenarios identified, procedures documented, personnel trained, and drills conducted and recorded?”
Monitoring, measurement, analysis and evaluation
“Are leading and lagging indicators defined, measured, and analyzed? Who reviews what, and when?”
Evaluation of compliance
“Is there a documented process to evaluate compliance with legal and other requirements at planned intervals?”
Internal audit
“Is an internal audit program established? Are audits conducted, findings documented, and corrective actions tracked?”
Management review
“Does management review occur at planned intervals? Are all required inputs covered? Are outputs documented and acted upon?”
General improvement
“Is there a systematic approach to identifying improvement opportunities and implementing them?”
Incident, nonconformity and corrective action
“Is there a documented process for investigating incidents, determining root cause, and implementing/verifying corrective actions?”
Continual improvement
“Is there evidence of ongoing, proactive improvements to OH&S performance — not just reactions to incidents?”
HMS Nova is built for ISO 45001
Every feature in HMS Nova maps to a specific ISO 45001 clause — so as you use the platform, you're automatically generating the evidence an auditor needs.
Risk assessment module with hazard register and risk scoring
Legal and other requirements register with compliance tracking
Competency matrix and training records with renewal tracking
Document control with version history and approval workflows
Internal audit program with scheduling, findings, and CAPAs
Management review module with input/output documentation
Incident investigation with 5-Whys and corrective action tracking
KPI dashboards with TRIR, DART, and leading indicators