ISO 45001 is the international standard for occupational health and safety (OHS) management systems. It sets out the requirements an organisation must meet to systematically manage workplace health and safety risks, prevent work-related injury and illness, and demonstrate a structured approach to safety management.
Published in 2018, ISO 45001 replaced OHSAS 18001 and AS/NZS4801, the previous international and Australian benchmark for safety management systems. Organisations that held OHSAS 18001 or AS/NZS4801 certification were required to transition to ISO 45001. All certifications are now issued to the ISO 45001:2018 standard.
ISO 45001 was developed by ISO technical committee ISO/PC 283 with input from safety regulators, industry bodies, and practitioners across more than 70 countries. In Australia, it aligns with the requirements of the model Work Health and Safety Act and the WHS Regulations, though it goes beyond legal compliance to establish a proactive, risk-based approach to safety management.
ISO 45001 applies to any organisation regardless of size, industry, or type. It is equally applicable to a five-person electrical contractor, a national facilities management company, or a manufacturing operation with hundreds of staff.
If a tender document lists ISO 45001 as a requirement and you cannot demonstrate certification, your submission will not progress. This is the most immediate and concrete business case.
Many head contractors and government agencies maintain approved supplier lists. ISO 45001 is increasingly a baseline requirement for inclusion. Getting certified once opens access to multiple clients.
A properly implemented WHS management system identifies hazards before they result in incidents. For a small business, a single serious incident can lead to harm to your workers which is the most important thing to avoid. It may also lead to prosecution, compensation claims, lost productivity, and reputational damage that takes years to recover from.
Australian WHS legislation places significant obligations on persons conducting a business or undertaking (PCBUs). A documented WHS management system that meets ISO 45001 demonstrates due diligence and provides evidence of compliance with the duty of care obligations under the WHS Act.
Some insurers and workers compensation schemes take ISO 45001 certification into account when assessing risk and setting premiums. This varies by insurer and industry, but certification can support a case for lower premiums or better coverage terms.
Certification to ISO 45001 shows clients, head contractors, and regulators that your organisation takes safety seriously and manages it systematically - not just when someone is watching. It demonstrates a structured, proactive approach to protecting your workers and your business.
ISO 45001 shares the same high-level structure as ISO 9001 and ISO 14001 under the Annex SL framework. This makes it straightforward to integrate with other management system standards. The requirements are in Clauses 4 through 10.
You must identify the internal and external factors that affect your ability to achieve the intended outcomes of your WHS management system. This includes understanding the legal and regulatory requirements that apply to your operations, and identifying workers and other interested parties whose needs and expectations are relevant to your system.
Top management must demonstrate active leadership and commitment to the WHS management system. This is more than signing a policy. It means integrating WHS into business planning, ensuring adequate resources, and actively promoting a safety culture. Worker participation is a distinct and specific requirement under ISO 45001, workers must be consulted and involved in hazard identification, risk assessment, and the development of controls.
You must conduct a systematic process for identifying hazards, assessing OHS risks, and determining the controls needed to manage those risks. You must also identify OHS opportunities: ways to improve safety performance beyond simply preventing harm. Legal compliance obligations must be identified and documented. OHS objectives must be set and planned for.
The system needs the right resources: competent people, appropriate infrastructure, and documented information. Competency requirements must be defined for roles that affect safety performance. Workers must be aware of the WHS policy, their contribution to the system, and the consequences of not following WHS requirements. Communication processes must be established for both internal and external WHS communication.
This is the core of the operational requirements. It covers the planning and control of processes needed to meet WHS requirements, including management of change, procurement of goods and services, and contractor management. Emergency preparedness and response is a specific requirement: you must plan for potential emergency situations and test your response procedures.
You must monitor, measure, and analyse your WHS performance. This includes tracking incident rates, near misses, hazard reports, and the results of inspections and audits. Internal audits must be conducted. Management review meetings must take place and consider the performance of the WHS management system.
Incidents, non-conformances, and near misses must trigger a structured investigation and corrective action process. The root cause must be identified and actions taken to prevent recurrence. Continual improvement of the WHS management system is a core requirement.
ISO 45001 certification is about proving your business has a systematic, documented approach to managing workplace health and safety - and that you can demonstrate it is actually working. It is not just a folder of forms. Done properly, it changes how your business identifies and manages risk every day.
ComplyOn builds or helps you ready your system for ISO45001 Certification
The auditor reviews your WHS management system documentation. They confirm that your system is designed to meet the requirements of ISO 45001:2018 and that you are ready to proceed to a Stage 2 audit.
The auditor conducts a site visit (or remote audit for certain operations) to verify that your documented WHS management system is being implemented in practice. They will interview workers and managers, observe work activities, review incident and hazard records, and verify that your controls are functioning as intended.
After the audit, the accredited conformity assessment body, reviews the audit report and the auditors recommendations and any findings and then makes a final decision on whether ISO45001 Safety certification should be granted - if so they will issue your certificate.
We build your WHS management system around how your business actually operates -- not around a generic template that bears no resemblance to your work.
We review what you already have against the requirements of ISO 45001:2018. Most construction and trade businesses have some safety documentation already: SWMS, induction checklists, toolbox talk records. We assess what counts toward the standard and what needs to be built.
We design a WHS management system that fits your business. For a subcontractor working across multiple sites, that looks different from a workshop-based manufacturer. We write procedures your supervisors will actually use, not documents that sit in a folder.
We work with your team to implement the system. This includes making sure your managers understand their WHS obligations under the standard, that your workers know how to participate in hazard identification, and that your day-to-day safety processes align with what the standard requires.
Before your certification audit, we conduct a full internal audit against ISO 45001:2018. Any gaps are identified and resolved before the auditor arrives.
We support you through both the Stage 1 and Stage 2 audits. If the auditor raises a finding, we help you respond and close it out.
After certification, we brief your team on how to maintain the system through the surveillance audit cycle. Ongoing support is available if you need it.
While ISO 45001 originated as a requirement in high-hazard industries, it is now sought across a much wider range of businesses.
Electricians, plumbers, concreters, steel fixers, painters, and other subcontractors are increasingly required to hold ISO 45001 certification to work for major head contractors or access government-funded projects. We work with small construction businesses that need to meet these requirements without building an internal safety bureaucracy.
Road, rail, utilities, and infrastructure contractors operate in high-hazard environments with complex contractor management requirements. ISO 45001 provides the framework to manage safety across subcontractor chains and demonstrate compliance to project owners and government clients.
Facilities maintenance, mechanical services, electrical services, and other industrial service providers often work on client sites with their own safety management requirements. ISO 45001 certification demonstrates that your safety system is robust enough to operate within complex site environments.
Manufacturers with significant machinery, chemical, or process hazards use ISO 45001 to manage workplace risks systematically and meet the requirements of enterprise customers and insurers.
Labour hire businesses have specific obligations as PCBUs under Australian WHS legislation. ISO 45001 helps labour hire providers demonstrate that they meet those obligations and manage the safety of workers placed with host employers.
Professional services, logistics, cleaning, and other service businesses increasingly encounter ISO 45001 requirements from enterprise clients. The standard scales to lower-hazard environments -- not every clause will carry the same weight as it does in construction, but the framework is equally applicable.
We don't do vague retainers. We do specific, scoped work with clear outcomes so you know what you're getting before we start.
Service 01
Full ISO implementation - we build it with you
We work alongside your team to build an ISO management system from scratch. Clear plans, right-sized controls, support through the audit so your team keeps working while we handle the heavy lifting.
This is right for you if: You need certification to win a contract or meet a customer requirement - and want experts guiding every step.
Service 02
Maintenance, audits and system recovery
Already certified but struggling to maintain it? We help businesses whose systems have drifted get back on track, and put in place the habits to stay there without ongoing consultant dependency.
This is right for you if: Your surveillance audit is approaching, your internal audit is overdue, or your system hasn't been touched in months.
Internal audit is one of the most commonly searched ISO services - and one of the things businesses most often let slip. We conduct ISO internal audits as a standalone engagement, with a full written report and corrective action plan. Works for any ISO standard.
The international standard for quality management systems. Often implemented alongside ISO 45001 by construction, manufacturing, and industrial service businesses seeking to meet head contractor and tender requirements.
The international standard for environmental management systems. Increasingly required alongside ISO 45001 in construction, civil, and resources sector supply chains
If your business needs ISO 9001, ISO 45001, and ISO 14001, we can build all three as a single integrated system. One set of documentation, one audit programme, one management review. More efficient to build and easier to maintain.
Start with a free consultation. We'll tell you exactly what's involved, how long it takes, and what it costs - before you commit to anything.
Request a quoteinfo@complyon.com.au · Australia-wide · In person or remote
Get certified. Stay certified.
ISO 9001, ISO 45001, ISO 14001, ISO 27001, and HSEQ. Fixed price consulting for Australian businesses.
© 2026 ComplyOn.
