ISO 45001:2018 Occupational Health & Safety Management System — India's Specialist OH&SMS Certification Consultants

ISO 45001:2018 is the international standard for Occupational Health and Safety Management Systems (OH&SMS) — published by the International Organization for Standardization in March 2018. It specifies requirements for an OH&S management system that enables organisations to provide safe and healthy workplaces, prevent work-related injury and ill health, and continually improve OH&S performance.

ISO 45001:2018 replaced OHSAS 18001:2007 (which was formally withdrawn in March 2021 — all OHSAS 18001 certificates are now expired or invalid). It is the first ISO standard for occupational health and safety — all previous frameworks (OHSAS 18001, ILO-OSH 2001, BS 8800) were either industry specifications or guidance documents.

Key requirements covered by ISO 45001:2018:

• Hazard identification and risk assessment (HIRA): Systematically identifying all hazards in all activities — routine, non-routine, emergency, contractor activities — and assessing the associated OH&S risks
• OH&S legal compliance: Identifying all applicable occupational health and safety laws, regulations, and other obligations — and periodically evaluating compliance
• Worker participation and consultation: A dedicated and substantially strengthened requirement vs. OHSAS 18001 — workers must be consulted before OH&S decisions are made, not just informed after
• Hierarchy of controls: Addressing risks in the priority order: Eliminate → Substitute → Engineering Controls → Administrative Controls → PPE — not jumping to PPE as a first resort
• Operational controls: Safe work procedures, permit-to-work (PTW) systems, and management of change for all significant risks
• Emergency preparedness and response: Procedures for potential emergencies — fire, chemical spill, medical emergency, structural collapse — with drills and records
• Incident investigation: Systematic investigation of all work-related incidents (injuries, ill health, near misses) to determine root causes and prevent recurrence
• Monitoring and measurement: Tracking OH&S performance KPIs — LTIFR, TRIFR, near-miss frequency rate, safety training coverage, PTW compliance rate
• Continual improvement: Using audit findings, incident investigations, and management review data to systematically improve OH&S performance over time

What ISO 45001:2018 does NOT specify: Absolute safety performance levels (it does not say "you must have fewer than X injuries per year"), specific PPE types, or the content of safety training. It provides the management system framework within which these operational decisions are made, documented, and evaluated.

ISO 45001:2018 is not a minor revision of OHSAS 18001 — it is a fundamentally different and substantially more rigorous standard. Organisations transitioning from OHSAS 18001 (or implementing for the first time) need to understand these differences clearly.

1. Annex SL Harmonised Structure (HLS): The most important structural change. ISO 45001:2018 uses the Annex SL 10-clause framework — the same structure used by ISO 9001:2015 and ISO 14001:2015. OHSAS 18001 used a different structure. The Annex SL structure enables seamless QEHS IMS integration — one policy, one context analysis, one internal audit programme, one management review — across all three standards simultaneously. This is impossible with OHSAS 18001 in a combined system.

2. Worker Participation and Consultation (Clause 5.4 — new dedicated clause): The most operationally significant new requirement. OHSAS 18001 had consultation requirements but they were weak. ISO 45001:2018 dedicates Clause 5.4 entirely to worker participation and consultation. The standard requires that workers (and where they exist, worker representatives) are actively consulted — given an opportunity to influence OH&S decisions — not just informed. This means: consulting workers in HIRA (they identify hazards management cannot see), consulting on changes affecting OH&S, involving workers in incident investigations, and providing workers with access to OH&S information. Non-workers (contractors, visitors) must also be identified and their participation mechanisms defined.

3. Context of the Organisation (Clause 4 — new requirement): OHSAS 18001 had no equivalent. ISO 45001:2018 requires formal identification of internal and external issues that affect the organisation's ability to achieve OH&S outcomes — changes in workforce demographics, remote working trends, technological changes, regulatory developments, supply chain characteristics. This creates a strategic OH&S management foundation that OHSAS 18001 lacked.

4. Proactive Approach to OH&S Opportunities: OHSAS 18001 focused primarily on risk reduction. ISO 45001:2018 requires organisations to also identify OH&S opportunities — positive changes that could improve OH&S performance beyond mere hazard control. Examples: redesigning a workflow to eliminate manual handling, transitioning from hazardous solvents to water-based alternatives, implementing health promotion programmes.

5. Supply Chain and Contractor Management (Clause 8.1.4 — strengthened): ISO 45001:2018 has explicit requirements for controlling outsourced processes, contractors, and procurement — requiring that OH&S requirements are communicated and verified for contractors performing work on behalf of or at the organisation's premises. OHSAS 18001 had contractor controls but ISO 45001 is more specific about the obligations.

6. Leadership Accountability (Clause 5 — strengthened): As with other Annex SL standards, ISO 45001:2018 places explicit accountability on top management — not just an OH&S coordinator. Top management must demonstrate leadership, not delegate safety to an OHS officer and consider themselves discharged of responsibility.

7. Hazard identification scope — expanded: ISO 45001:2018 requires HIRA to cover a broader scope than OHSAS 18001 — including psychosocial hazards (stress, harassment, bullying, shift work fatigue), ergonomic hazards (musculoskeletal disorders from workstation design), work organisation hazards (excessive work hours, lack of autonomy), and hazards from the work environment (noise, lighting, temperature, air quality).

The HIRA register is the foundational document of an ISO 45001:2018 OH&SMS — and the most technically demanding deliverable. ISO 45001:2018 Clause 6.1.2 specifies that hazard identification must be proactive and ongoing, covering all activities, people, and situations relevant to the organisation.

Step 1 — Define the HIRA scope and methodology:

• Which activities, locations, and personnel groups are in scope (on-site workers, contractors, visitors, work from home, off-site activities, night shifts, maintenance)
• What risk assessment methodology will be used — the most common is the Risk Rating Matrix (Likelihood × Severity) with defined scales for each axis
• Who will conduct HIRA — ideally involving both safety professionals (for methodology) and workers (for hazard knowledge from experience)

Step 2 — Hazard identification (systematic survey approach):

• Physical hazards: Machinery and moving parts (caught-in, struck-by), working at height (falls from stairs, ladders, roofs, scaffolding), falling objects, sharp edges, hot surfaces, extreme temperatures, electrical hazards (shock, arc flash), noise (hearing damage), vibration (hand-arm, whole-body), radiation (UV, ionising, non-ionising), illumination (inadequate lighting), confined spaces
• Chemical hazards: Toxic substances (inhalation, skin/eye contact, ingestion), carcinogens, reproductive toxins, asphyxiants, corrosives, flammables and explosives, chemical reactions
• Biological hazards: Pathogens (healthcare settings, food processing, laboratory), vector-borne diseases, mould and fungal exposure
• Ergonomic hazards: Manual handling (lifting, carrying, pushing, pulling), repetitive movements, awkward postures, workstation design (VDU work, prolonged standing), contact stress
• Psychosocial hazards: Work-related stress, excessive work demands, lack of control and autonomy, workplace harassment and bullying, sexual harassment (POSH Act compliance), shift work and long hours, job insecurity, workplace violence
• Environmental hazards: Extreme weather (heat stress in outdoor work — critical in Indian conditions), flooding, earthquake risk in seismic zones

Step 3 — Risk assessment (Likelihood × Severity matrix):

For each identified hazard, assess the risk considering existing controls already in place:

• Likelihood (Probability of harm occurring): 1=Rare (almost inconceivable), 2=Unlikely (could happen once in 10 years), 3=Possible (could happen once in 1–5 years), 4=Likely (could happen once per year), 5=Almost Certain (could happen multiple times per year)
• Severity (Consequence if harm occurs): 1=Negligible (first aid only, no lost time), 2=Minor (medical treatment, ≤3 days lost time), 3=Moderate (LTI, injury requiring hospitalisation), 4=Major (permanent disability, multiple persons injured), 5=Catastrophic (fatality or multiple fatalities)
• Risk Rating = Likelihood × Severity: 1–4=Low (acceptable with monitoring), 5–9=Medium (tolerable with controls, action plan), 10–14=High (reduce risk, specific controls required), 15–25=Extreme/Critical (immediate action, stop work if necessary)

Step 4 — Risk control (Hierarchy of Controls):

For each risk rated Medium, High, or Extreme, determine control measures in hierarchy order (Eliminate → Substitute → Engineering Controls → Administrative Controls → PPE). Document planned controls and assign implementation responsibilities and timelines.

Step 5 — Residual risk assessment:

After controls are implemented, re-assess risk to determine residual risk (risk after controls). Verify that residual risk is within the acceptable range. If not, additional controls are required.

HIRA triggers (when to update the register):

• New activity, process, or equipment introduced (management of change)
• Changes in work location, shift patterns, or workforce composition
• Any incident or near-miss — triggers HIRA review for the relevant activity
• Changes in applicable legislation
• Periodic planned review — at least annually, or more frequently for high-risk activities

PrecisionTech conducts HIRA with worker participation built in — involving area supervisors, frontline workers, and union representatives in hazard identification — ensuring the register captures field-level knowledge that management cannot observe from the office.

ISO 45001:2018 Clause 6.1.3 requires identification of all applicable OH&S legal requirements and other compliance obligations, and periodic evaluation of compliance. This is one of the most operationally critical requirements — and one where Indian organisations most frequently have significant compliance gaps. The Indian OH&S legal landscape is complex, fragmented, and under active enforcement intensification.

Central OH&S Legislation (applicable to most organisations):

• Factories Act, 1948: The primary OH&S statute for manufacturing. Applies to any factory with 10+ workers (with power) or 20+ workers (without power). Covers: guarding of dangerous machinery (Sections 21–27), precautions against dangerous fumes and gases, explosive or flammable dust (Section 36–37), precautions in case of fire (Section 38), safety of buildings and machinery (Sections 39–40), welfare (canteen, restrooms, first aid, ambulance room), working hours and overtime limits, employment of women and children. Inspectorate of Factories has right of entry and can issue improvement and prohibition notices.
• Building and Other Construction Workers (Regulation of Employment and Conditions of Service) Act, 1996 (BOCW Act): Applies to all construction projects employing 10+ workers. Very detailed safety provisions for scaffolding, working at height, excavation, demolition, electrical safety on site, fire prevention, PPE requirements, first aid, and welfare. Enforced by state-level BOCW authorities. Employers must register and pay cess. Recent NGT and labour court decisions have increased enforcement significantly.
• Mines Act, 1952: Applies to mining operations — open cast, underground, and preparation plants. Administered by DGMS (Director General of Mines Safety). Highly detailed technical safety regulations for coal, non-coal, and oil mines.
• Dock Workers (Safety, Health and Welfare) Act, 1986: Applies to port and dock operations. Detailed requirements for cargo handling safety, vessel operations, and dock worker welfare.
• Manufacture, Storage and Import of Hazardous Chemical (MSIHC) Rules, 1989: Applies to facilities storing or using threshold quantities of hazardous chemicals. Requires On-Site Emergency Plan (OSEP), Off-Site Emergency Plan (OFEP — prepared by District Authority), major accident notification to authorities, and safety audit by Chief Inspector of Factories. Relevant to chemical, pharma, petroleum, and fertilizer industries.
• Gas Cylinder Rules, 2004: Governs safe use, storage, and transportation of compressed gas cylinders — relevant to manufacturing (oxy-fuel cutting, CO₂ welding, laboratory gases), hospitality (LPG), and healthcare (medical gases).
• Petroleum Act, 1934 and Petroleum Rules, 2002: Governs storage of petroleum products — relevant to any facility with HSD/petrol/kerosene storage above threshold quantities. Requires licence from Chief Controller of Explosives (PESO).
• Static and Mobile Pressure Vessels Rules, 2016: Applies to air compressors, autoclaves, steam boilers above defined pressure — requiring registration, periodic inspection by Inspectorate of Factories or CCOE, and certified operators.
• Contract Labour (Regulation and Abolition) Act, 1970 (CLRA): Governs use of contract workers — principal employer responsible for safety welfare of contract workers if the contractor fails to provide. OH&SMS must address contractor worker safety obligations.
• Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013 (POSH Act): Mandatory Internal Complaints Committee (ICC) for employers with 10+ employees. Psychosocial hazard identification under ISO 45001 must include workplace sexual harassment as a hazard requiring controls.
• Occupational Safety, Health and Working Conditions Code, 2020 (OSH Code): Consolidates 13 existing labour laws including the Factories Act, BOCW Act, Mines Act, and others. Once fully notified, this code will replace the individual statutes. Currently in transition — both old statutes and the code are relevant for compliance planning.

State Factory Rules (examples):

• Maharashtra Factories Rules, 1963 — detailed welfare and safety provisions for MH factories
• Karnataka Factories Rules, 1969 — KA-specific requirements
• Tamil Nadu Factories Rules, 1950 — TN-specific requirements
• Each state has equivalent rules under the Factories Act providing additional state-specific safety requirements

Other compliance obligations (binding once adopted): Customer safety requirements (automotive OEM supplier codes, construction client safety plans), insurance policy safety conditions (some industrial policies require specific safety systems), industry association safety codes (CII, FICCI, NASSCOM sector guidelines).

PrecisionTech builds sector-specific legal compliance registers — reviewed and updated quarterly — with compliance evaluation records demonstrating ongoing conformance for each applicable legal requirement.

The hierarchy of controls is the most important operational concept in ISO 45001:2018 — and the principle that most clearly differentiates a genuine safety management system from a "PPE and permit" compliance exercise. ISO 45001:2018 Clause 8.1.2 explicitly requires that controls be applied in hierarchy order — from most effective (elimination) to least effective (PPE).

The Hierarchy of Controls — in order from most to least effective:

1. Elimination (Level 1 — Most Effective): Physically removing the hazard. No hazard = no risk. This is always the preferred solution — if the hazard does not exist, workers cannot be harmed by it. Examples: discontinuing use of a toxic solvent entirely (substituted by a water-based alternative), automating a manual handling task to remove the manual handling hazard, redesigning a process to eliminate the need for working at height. Elimination is frequently possible but requires engineering investment and management will. Many organisations skip elimination because it requires capital expenditure — ISO 45001 requires justification if a lower-level control is chosen when elimination is feasible.

2. Substitution (Level 2): Replacing the hazard with a less hazardous alternative. The hazard is not eliminated but its magnitude is reduced. Examples: replacing a highly toxic chemical with a less toxic one that achieves the same process result, replacing a manual process with a mechanical one that reduces force requirements, replacing an abrasive blast cleaning process with a chemical cleaning process to reduce silica dust exposure.

3. Engineering Controls (Level 3): Physical changes to the workplace, equipment, or process that isolate workers from the hazard. Engineering controls are passive — they work even if workers don't comply with rules. Examples: machine guarding (fixed guards, interlocked guards), local exhaust ventilation (LEV) for chemical vapours and dust, noise enclosures, safety interlocks on presses, guardrails and edge protection at height, anti-vibration tool mounts, chemical containment and secondary bunding.

4. Administrative Controls (Level 4): Changes to how work is done — procedures, systems, work organisation — that reduce exposure to hazards. Administrative controls rely on human behaviour for their effectiveness, making them less reliable than engineering controls. Examples: safe work procedures (SWPs), permit-to-work (PTW) systems, job rotation to limit cumulative exposure to noise or ergonomic risk, shift scheduling to limit fatigue, risk assessments before starting non-routine work, safety inductions, toolbox talks, training programmes, housekeeping standards.

5. PPE — Personal Protective Equipment (Level 5 — Least Effective): The last line of defence — providing individual protection when hazards cannot be adequately controlled by higher-level measures. PPE effectiveness depends entirely on: selection of the right type and rating for the specific hazard, worker compliance (correct donning, consistent wear), fit and comfort (workers avoid PPE that is uncomfortable), condition (damaged PPE provides false protection), and training. Examples: hard hats, safety boots, safety glasses, face shields, respirators/dust masks, hearing protection, chemical resistant gloves, high-visibility vests, fall arrest harnesses.

Why ISO 45001:2018 emphasises the hierarchy:

• Most workplace fatalities and serious injuries occur because higher-level controls were not implemented — machine guarding was not installed, LEV was not provided, working at height procedures were absent — and PPE was relied upon as the primary control
• PPE fails: workers forget it, remove it in heat, it wears out, it is selected incorrectly. Engineering controls continue to protect even when workers don't think about safety.
• ISO 45001 auditors specifically probe whether the hierarchy has been applied — "Why PPE rather than elimination?" is a common audit question. If the answer is only "cost," this may be a non-conformity.

Common hierarchy of controls failures in Indian workplaces:

• No machine guarding on rotating/moving parts — reliance on "don't touch" instructions (administrative control) rather than a fixed guard (engineering control)
• No LEV for chemical vapours — reliance on respirators (PPE) despite LEV being the appropriate control for regular chemical exposure
• Working at height without edge protection or safety nets — reliance on fall arrest harnesses (PPE) as the primary control when collective protection (guardrails) is feasible
• Chemical exposure above Occupational Exposure Limits (OELs) controlled only by respirators — without investigating process changes or enclosure (engineering controls) that would eliminate the need for respirator use

Worker participation and consultation (Clause 5.4) is the most significant new requirement in ISO 45001:2018 compared to OHSAS 18001, and the clause that most directly embeds the ILO's approach to occupational safety into a management system standard. It reflects the evidence-based understanding that safety management is most effective when workers — who know the hazards of their work from daily experience — are genuinely involved in safety decisions.

The critical distinction — Participation vs. Consultation vs. Communication:

• Communication: Telling workers about safety decisions that have already been made. Example: posting safety notices, issuing safety induction training, displaying HIRA results on notice boards. ISO 45001 requires communication, but this alone does not satisfy Clause 5.4.
• Consultation: Seeking worker input and considering it before OH&S decisions are finalised — but management retains decision-making authority. Workers can influence but not determine outcomes. Example: asking workers to identify hazards in HIRA, asking workers for input on new PPE selection before procurement, consulting workers before changing a safe work procedure.
• Participation: Giving workers direct involvement and influence in OH&S processes — workers actively contribute to decision-making, not just respond to management proposals. Example: worker representatives on the OH&S committee who can raise issues and track management response, workers involved in incident investigation teams, workers conducting safety inspections, workers contributing to HIRA development.

What ISO 45001:2018 requires for worker participation and consultation:

• Establish, implement, and maintain processes for participation AND consultation
• Provide time, training, and resources for participation to be genuine — not token
• Provide access to relevant OH&S information (HIRA results, incident investigation outcomes, safety performance data)
• Remove barriers to participation — workers must not fear reprisal for raising safety concerns
• Consult non-managerial workers on: hazard identification and risk assessment, actions to control risks, competence requirements, training content, changes affecting OH&S, incident investigation
• Consult worker representatives (unions, safety representatives) where they exist

Specific worker participation requirements by clause:

• Clause 5.4(c): Consult workers on hazard identification and risk assessment (HIRA) — workers identify hazards management cannot observe
• Clause 5.4(d): Consult workers on identifying applicable compliance obligations — workers may know of regulatory requirements their supervisors are unaware of
• Clause 5.4(e): Consult workers on establishing safety objectives and their implementation
• Clause 5.4(f): Consult workers on applicable controls and their prioritisation
• Clause 5.4(g): Consult workers on outsourcing and contractor needs
• Clause 5.4(h): Consult workers on what needs to be communicated and how

Practical mechanisms for worker participation in Indian workplaces:

• Safety Committee: Mandatory under Factories Act for factories with 250+ workers — but ISO 45001 requires genuine consultation, not just a nominal committee that meets infrequently. Minutes must show worker representatives raising concerns and management responding with actions and timelines.
• Near-miss reporting system: A documented, genuinely anonymous (or at minimum blame-free) system for reporting near-misses and unsafe conditions — with visible response from management showing reports are acted upon. Response visibility is critical: if workers do not see their reports acted upon, reporting stops.
• Toolbox talks with documented feedback: Pre-shift safety briefings that include a structured opportunity for workers to raise safety concerns — with concerns logged and followed up.
• HIRA workshops with workers: Involving frontline workers in hazard identification workshops rather than having management complete the HIRA without worker input. Workers identify hazards that are invisible from the office — shortcuts taken due to time pressure, tool conditions, informal practices that create risk.
• Safety suggestions scheme: A formal scheme for workers to suggest safety improvements — with transparent processing, decision, and response visible to all workers.

How auditors test Clause 5.4: ISO 45001:2018 auditors ask frontline workers — not managers — about their experience of participation: "Can you tell me a safety concern you raised recently? What happened as a result?" The absence of a credible answer from workers is a significant audit finding.

A Permit-to-Work (PTW) system is a formal administrative safety control used to manage high-risk, non-routine work activities where the consequences of a mistake can be severe or fatal. A PTW is a documented authorisation — signed by a competent authority — that verifies that specific safety precautions have been put in place before high-risk work commences.

Why PTW is required (not just "nice to have"):

For certain work activities, the risk of fatality or serious injury if controls fail is so high that a simple task instruction is insufficient. PTW systems provide: a systematic pre-work safety check (is everything ready?), a formal authorisation (has a competent person confirmed it is safe to proceed?), a communication mechanism (everyone involved knows what is happening and what the hazards are), an isolation record (who has isolated what energy sources), and a closure process (is the work area safe to return to normal operations?).

High-risk activities typically requiring PTW under ISO 45001:2018:

1. Confined Space Entry: Entry into any space that is not designed for continuous human occupancy, has restricted entry/exit, and may have a hazardous atmosphere (oxygen deficiency, toxic gases, flammable vapours). In India, confined spaces include: storage tanks, silos, process vessels, pits, sumps, sewers, tunnels, and crawl spaces. The PTW for confined space entry must cover: atmospheric testing (O₂, CO, H₂S, LEL), ventilation, standby person, rescue equipment, emergency procedures, and rescuer training. Confined space fatalities from atmospheric hazards are among the most frequent industrial fatalities in India — typically involving would-be rescuers as additional victims.

2. Hot Work: Any work involving a source of ignition (welding, cutting, grinding, open flames, use of power tools that generate sparks) in an area where flammable materials, vapours, or gases may be present. PTW for hot work must cover: fire watch, fire extinguisher availability, flammable material clearance radius (minimum 10 metres), atmospheric testing where gas leaks are possible, and monitoring during and after work.

3. Working at Height: Work at any height where a fall could cause injury — in practice, ISO 45001 typically applies PTW for work above 2 metres. PTW must cover: edge protection (guardrail or safety net — collective protection), fall arrest equipment (harness, lanyard, anchor point — individual protection as backup), access equipment condition (scaffold inspection, ladder inspection), overhead protection below the work area, and rescue plan for a worker suspended in a fall arrest harness.

4. Electrical Isolation (Lockout/Tagout — LOTO): Any work on or near electrical equipment, circuits, or machinery where inadvertent energisation could cause electrocution, arc flash, or unexpected machine movement. LOTO PTW must cover: de-energisation procedure, isolation point, lock applied (by the worker performing the task — their personal lock, not the supervisor's), verification (test that the circuit is de-energised), and no other person can re-energise while the lock is in place. LOTO failures are a primary cause of crushing injuries from unexpected machine start-up.

5. Excavation and Trenching: Work involving excavation more than 1.2 metres deep (where there is a risk of collapse), or any excavation near underground services (electricity, gas, water, telecommunications). PTW must cover: underground service survey and marking, shoring or battering requirement, edge protection, equipment exclusion zone, and rescue procedures.

6. Chemical Isolation and Entry (for confined spaces with chemical residues): Entry into vessels or pipes containing or previously containing toxic, corrosive, or flammable chemicals — requiring chemical isolation, purging, cleaning, atmospheric testing, and PPE specification.

PTW system components:

• PTW form: Standardised permit form with sections for: work description, hazard identification, precautions to be implemented, equipment required, issuing authority signature, worker receipt and acknowledgement, permit duration, and closure sign-off
• Roles: Permit Issuing Authority (competent person who verifies precautions are in place), Permit Receiver (person performing the work, accountable for compliance), Standby Person (for confined space entry), Area Safety Officer (witness)
• Valid period: PTW is valid for a defined period (typically one shift) — must be renewed for work continuing across shifts
• Suspension and cancellation: Procedures for suspending or cancelling the PTW if conditions change (gas alarm, fire, personnel change)
• PTW register: All permits issued are logged — for audit trail and incident investigation purposes

PrecisionTech designs PTW systems tailored to each client's specific high-risk activities — not generic template forms that workers cannot follow in practice.

ISO 45001:2018 Clause 10.2 (combined with Clause 9.1.2) requires that work-related incidents — injuries, ill health, near-misses, and dangerous occurrences — are investigated to determine root causes and prevent recurrence. The quality of incident investigation is a critical test of OH&SMS maturity — and one of the most revealing audit activities in a Stage-2 audit.

What constitutes an "incident" under ISO 45001:2018:

• Work-related injury: Any physical harm to a worker arising from or in the course of work — from a fatal accident to a first-aid-level injury
• Work-related ill health: Occupational disease, chronic health conditions caused by work exposure (occupational hearing loss, musculoskeletal disorder, dermatitis, occupational lung disease)
• Near-miss: An unplanned event that did not result in harm but could have — a "free lesson." Near-miss investigation is the highest-value activity in safety management: the near-miss reveals the system failure before someone is hurt.
• Dangerous occurrence: A significant event with injury potential — structural collapse, fire, explosion, chemical release — even if no worker was harmed

The Incident Investigation Process — ISO 45001 requirements:

Step 1 — Immediate response (within hours):

• Emergency response — provide first aid / medical treatment; secure the scene
• Regulatory notification — Factories Act requires immediate notification to Inspector of Factories for fatal accidents and specified dangerous occurrences; state rules specify notification timelines and formats
• Scene preservation — do not disturb the scene before initial documentation (photographs, measurements, witness identification)
• Witness identification and initial statement — capture witness accounts before memory fades

Step 2 — Investigation team formation:

• Team should include: immediate supervisor of affected area, safety officer, HR representative, and — critically under ISO 45001 — a worker representative (union representative or safety committee member). Worker involvement in investigation is a participation requirement.
• Team leader should be competent in incident investigation methodology — not just the most senior person available

Step 3 — Root cause analysis:

The purpose of investigation is to find causes — not blame. Most industrial accidents are caused by system failures, not individual carelessness. Common root cause analysis (RCA) methods:

• 5 Whys: Ask "why did this happen?" repeatedly until the root cause is identified. Example: Worker fell from scaffold → Why? No edge protection → Why? Scaffold erected without safety inspection → Why? No PTW for scaffolding work → Why? PTW system covers confined space and hot work but not scaffolding → Root cause: Incomplete PTW scope
• Fishbone (Ishikawa) Diagram: Categorises potential causes under: People, Method, Machine, Material, Measurement, Environment — useful for complex multi-cause accidents
• Fault Tree Analysis (FTA): Top-down, logical analysis of the sequence of events and conditions that led to the incident — used for complex or high-consequence incidents
• Bow-Tie Analysis: Maps both the threat path (causes → incident) and the consequence path (incident → outcomes) with barriers and their effectiveness — useful for major hazard industries

Step 4 — Corrective and preventive actions (CAPA):

• Actions must address root causes — not just the immediate cause (fixing the immediate cause without fixing the root cause ensures recurrence)
• Actions should apply the hierarchy of controls — prefer engineering controls over administrative controls
• Assign responsible persons, timelines, and verification criteria for each action
• Communicate findings and actions to relevant workers — learning from incidents is itself a participation activity

Step 5 — Effectiveness verification:

• After corrective actions are implemented, verify that they are effective — has the risk that caused the incident been adequately controlled? Add this to the HIRA register.

Common incident investigation failures (audit non-conformities):

• Root cause is recorded as "worker carelessness" or "inattention" — not a root cause, but a symptom. ISO 45001 auditors will reject investigations that blame workers without identifying the system failure that enabled the behaviour.
• Near-misses not investigated — only injuries recorded and investigated. Near-miss investigation is WHERE the safety value lies.
• Investigation conducted only by management without worker involvement
• Corrective actions are administrative (retrain the worker) when engineering controls (machine guard, LEV, edge protection) would address the root cause more reliably
• Regulatory notification requirements not met — Inspector of Factories not notified within required timeframe

ISO 45001:2018 Clause 9.1.1 requires monitoring, measurement, analysis, and evaluation of OH&S performance — but does not specify particular KPIs. The organisation must determine what to monitor, how, when, and using what criteria. Best practice uses a balanced set of lagging indicators (outcome metrics — what happened) and leading indicators (process metrics — what are we doing to prevent incidents).

Lagging Indicators (Outcome Metrics):

LTIFR — Lost Time Injury Frequency Rate: Number of Lost Time Injuries (LTIs — injuries requiring at least one working day/shift away from work) per million hours worked. Formula: (LTI count × 1,000,000) ÷ hours worked. Industry benchmarks vary significantly: construction sector world-class target <1.0; manufacturing world-class <0.5; office-based operations <0.1. Trend over time is more meaningful than absolute value.

TRIFR — Total Recordable Injury Frequency Rate: Number of all recordable injuries (LTIs + medical treatment injuries + restricted work cases) per million hours worked. Broader than LTIFR — catches more of the injury iceberg. Formula: (recordable injury count × 1,000,000) ÷ hours worked.

LTSR — Lost Time Severity Rate: Number of working days lost per million hours worked. Measures the severity of injuries, not just their frequency. Formula: (working days lost × 1,000,000) ÷ hours worked.

TRIR — Total Recordable Injury Rate: (recordable injuries × 200,000) ÷ hours worked — the US OSHA-based equivalent formula. Some international clients and parent companies use this formula.

Fatalities: Any work-related fatality is an extreme OH&S KPI failure. Track by year, with cause classification.

Occupational Disease Rate: New cases of occupational disease per 1,000 workers per year — more difficult to track as occupational diseases often have long latency periods and may be diagnosed years after exposure.

Leading Indicators (Process Metrics — the most actionable for improvement):

Near-Miss Frequency Rate: Number of near-misses reported per million hours worked. A higher near-miss rate often indicates a better-functioning safety culture — workers are reporting rather than hiding near-misses. Target: increasing trend over time (more reporting, not necessarily more near-misses occurring).

Safety Training Completion Rate: Percentage of workers who have completed all required safety training by the due date. Target: 100% of all workers with documented, current safety training relevant to their role and hazards.

PTW Compliance Rate: Percentage of high-risk activities performed with a valid PTW in place vs. total high-risk activities observed during inspections. A rate below 95% indicates a systemic PTW compliance failure.

HIRA Review Completion Rate: Percentage of HIRA reviews completed on schedule following triggers (process change, incident, periodic review). Tracks whether the HIRA is maintained as a living document or filed and forgotten.

Safety Inspection Completion Rate: Planned workplace safety inspections completed on schedule — including equipment inspections, housekeeping audits, fire extinguisher checks, and emergency equipment checks.

Corrective Action Closure Rate: Percentage of safety corrective actions (from incidents, audits, inspections) closed by their due date. A low closure rate indicates system breakdowns in follow-through.

Safety Committee Meeting Regularity: Percentage of planned safety committee meetings held as scheduled — with attendee records and action tracking.

Management Safety Walk Frequency: Number of site safety walks conducted by top management per month — a leading indicator of leadership commitment to safety. ISO 45001 requires visible leadership — safety walkthroughs by the MD/CEO with documented findings and actions are powerful evidence.

PrecisionTech designs customised OH&S KPI dashboards for clients — combining lagging and leading indicators, with monthly reporting templates and management review inputs — ensuring safety performance data drives decisions rather than being compiled for auditors.

Construction is one of India's most hazardous industries — accounting for a disproportionate share of occupational fatalities despite not being the largest employment sector. ISO 45001:2018 is increasingly required by government agencies, developers, and infrastructure clients as a qualification criterion for construction contractors. The application to construction has specific characteristics that differ significantly from fixed-facility manufacturing.

Construction-specific hazard categories and controls:

Working at Height (leading cause of construction fatalities):

• Hazards: Falls from scaffolding, leading edges, formwork, ladders, floor openings, excavation edges, roof structures
• Controls (in hierarchy order): Eliminate — design the structure to minimise WAH work (prefabrication, ground-level assembly); Engineering — scaffolding with toe boards and mid-rails, safety netting, formwork edge protection, floor opening covers; Administrative — WAH permit, scaffold inspection register, ladder safety rules; PPE — full-body harness with correctly specified lanyard and anchor points
• BOCW Act compliance: BOCW (Safety) Rules 1998 specify detailed scaffolding requirements — load capacity, platform width, handrail height, bracing requirements — with mandatory inspection by a competent person before use

Excavation and Trenching:

• Cave-in/trench collapse risk for excavations beyond 1.2m depth without shoring or battering
• Underground service strikes — electricity, gas, water, telecommunications
• Controls: Underground service survey (BESCOM/MSEDCL/BESCOM drawings + CAT scan), shoring or battering specification by competent engineer, access/egress (ladder), edge protection, equipment exclusion zones, daily inspection

Crane and Lifting Operations:

• Crane overload, sling failure, load swing, ground instability under outriggers, overhead power line contact
• Controls: Third-party load test certificate for crane, load charts visible to operator, lift plan for critical lifts (>75% SWL), competent rigger and signal person, exclusion zone below lift, ground bearing capacity assessment for mobile cranes, safe distance from overhead lines (minimum 6m for power lines above 11kV)

Formwork and Falsework:

• Formwork collapse during concrete pour — one of the most catastrophic construction incidents, often causing multiple fatalities
• Controls: Formwork design by a qualified engineer with calculations, inspection before concreting, concrete pour sequence control, monitoring of formwork deflection during pour

Electrical Safety on Construction Sites:

• Temporary electrical distribution — risk of electrocution from damaged cables, inadequate earthing, use of unsuitable equipment in wet conditions
• Controls: Residual Current Devices (RCDs) on all temporary supplies, cable management (no trailing cables in traffic areas), colour-coded inspection tags on portable tools, IP-rated equipment for wet areas

Construction-specific OH&SMS elements:

• Site Environmental and Safety Management Plan (SESMP): Project-specific OH&S plan for each construction site — site layout (first aid room, emergency routes, assembly point), site-specific HIRA, permit-to-work scope for the site, emergency response plan, contractor safety requirements
• Daily safety meetings / toolbox talks: Pre-work safety briefings for all workers — job-specific hazard communication for the day's activities
• Safety induction: Mandatory site-specific safety induction before any worker enters the site — including BOCW Act requirements, emergency procedures, site rules, PTW system, PPE requirements
• Safety inspection checklist: Daily/weekly site safety inspections covering WAH, excavation, lifting equipment, electrical safety, housekeeping, fire prevention, welfare facilities
• Subcontractor safety management: Construction projects use multiple subcontractors — ISO 45001 requires the principal contractor to control subcontractor safety, not just their own direct workers. Subcontractor safety prequalification, safety plan review, and on-site supervision of subcontractor activities are required.

PrecisionTech has specific construction sector experience — implementing ISO 45001 for principal contractors, specialist subcontractors, and project management organisations — with site-level HIRA templates, SESMP frameworks, PTW systems for construction activities, and subcontractor management procedures calibrated to the BOCW Act and client safety plan requirements.

ISO 45001:2018 explicitly includes psychosocial hazards within its hazard identification scope — a significant evolution from OHSAS 18001, which focused almost entirely on physical and chemical hazards. This reflects the growing global and Indian recognition that work-related psychological harm (stress, burnout, anxiety, depression) is a genuine occupational health issue requiring systematic management.

What are psychosocial hazards — ISO 45001 scope:

Work-Related Stress: The physical and emotional response when work demands exceed the individual's capabilities, resources, or perceived ability to cope. ISO 45001 requires organisations to identify the work factors that cause stress — not to monitor individual stress levels, but to control the organisational sources:

• Demand: Excessive workload, unrealistic deadlines, too many responsibilities, excessive working hours, insufficient rest breaks
• Control: Lack of autonomy over work methods, pace, or schedule — feeling micromanaged, no input into decisions affecting own work
• Support: Poor supervisory support, inadequate resources to do the job, poor communication from management, isolation from colleagues
• Relationships: Workplace harassment, bullying, interpersonal conflict, poor team dynamics
• Role: Role ambiguity (unclear what is expected), role conflict (contradictory demands), too little responsibility (boredom, skill underutilisation)
• Change: Poorly managed organisational change — restructuring, redundancy, relocation — creating uncertainty and loss of control

Workplace Harassment and Bullying: Repeated and unreasonable actions targeting a worker that create a risk to their health and safety. ISO 45001 requires hazard identification to include harassment risk — particularly in high-power-distance workplaces, performance-pressured sales environments, and sectors with hierarchical cultures.

Sexual Harassment at Workplace (POSH Act, 2013): Sexual harassment is both an OH&S hazard under ISO 45001 and a specific legal compliance obligation under the POSH Act. The POSH Act requires: Internal Complaints Committee (ICC) for employers with 10+ employees, Annual Report to District Officer, display of penal consequences, and awareness training. The Internal Complaints Committee and its functioning is an ISO 45001 compliance obligation for all Indian organisations.

Shift Work and Long Hours: Particularly relevant for manufacturing (night shifts), healthcare (12-hour hospital shifts), IT (night shifts for international clients), and transport (driving hours). Hazards: fatigue-related error and accident risk, disruption of circadian rhythm, social isolation. Controls: fatigue risk management policies, shift rotation patterns, limits on consecutive night shifts, mandatory rest periods, fatigue monitoring for safety-critical roles (vehicle operators, machine operators).

Violence at Work: Physical violence from clients, customers, or members of the public — relevant to healthcare (patient aggression), banking (armed robbery risk), retail, social services, and security personnel. ISO 45001 requires risk assessment for violence at work where this is a realistic hazard.

Remote Work and Work-From-Home (WFH) Psychosocial Hazards: Post-COVID, remote work is embedded in IT/ITES, consulting, and services sectors. ISO 45001 requires hazard identification to include WFH context — isolation, blurred work-life boundaries, ergonomic hazards of home workstations (covered separately), and inadequate manager support for remote workers.

How Indian organisations address psychosocial hazard controls (practical approach):

• Employee Assistance Programme (EAP) — confidential counselling services for workers experiencing stress, anxiety, or personal problems affecting work
• Workload review process — mechanism for workers to raise workload concerns without fear of reprisal
• Anti-harassment policy and POSH ICC — POSH ICC functioning as a psychosocial hazard control
• Manager training — training supervisors to recognise signs of stress in team members and respond supportively
• Fatigue management policy — shift hours, mandatory rest, driving hours management
• Work-life balance policies — flexible working, leave adequacy, no-contact-outside-hours expectations

A QEHS (Quality, Environmental, Health & Safety) Integrated Management System combining ISO 45001:2018, ISO 9001:2015, and ISO 14001:2015 is the most common and most cost-efficient certification combination for Indian manufacturing organisations. All three standards share the Annex SL Harmonised Structure — making integration straightforward and operationally superior to three separate management systems.

The Integration Advantage — why IMS outperforms three separate systems:

• One policy document covering quality, environment, and OH&S commitments — not three separate policies with potentially conflicting statements
• One context analysis and stakeholder identification covering all three disciplines simultaneously
• One risk management framework — quality risks, environmental aspects/risks, and OH&S hazards/risks managed through a single integrated risk framework
• One objectives framework — QEHS objectives tracked together in an integrated dashboard, enabling trade-off analysis (production schedule pressure vs. safety, quality vs. cost)
• One competence and training system — training needs analysis covers quality, environmental, and safety competence for each role simultaneously
• One document control system — no duplication of documents between three separate systems
• One internal audit programme — multi-standard audit checklists, one audit team covering all three standards, combined audit report. 30–40% fewer audit days than three separate audit programmes.
• One management review — integrated agenda covering quality, environmental, and OH&S performance. One meeting, one set of decisions, one action register.
• One corrective action system — NCRs from quality, environmental, and safety audits all managed in a single CAPA register

Standard-specific elements (separate for each standard):

• ISO 45001 only: HIRA register, OH&S legal compliance register (Factories Act etc.), worker participation and consultation system, PTW system, incident investigation system, OH&S safety performance monitoring (LTIFR, TRIFR, near-miss frequency)
• ISO 14001 only: Environmental aspects and impacts register, environmental legal compliance register (EPA, Water Act etc.), environmental monitoring programme (stack emissions, effluent, energy, waste)
• ISO 9001 only: Customer requirements management, product/service design controls, product conformity monitoring, customer satisfaction measurement, APQP/PPAP (automotive sector)

QEHS IMS — combined certification audit: NABCB-accredited certification bodies (BSI, Bureau Veritas, SGS, TÜV SÜD, DNV, Intertek) offer combined Stage-2 audits for ISO 9001 + ISO 14001 + ISO 45001 — one audit team, one audit visit, three certificates. This reduces total certification cost by 30–40% vs. three separate audits. Annual surveillance audits are also combined.

Implementation sequence options:

• Simultaneous implementation: Most efficient — build the IMS from the start. Recommended when the organisation has no existing certification in any of the three standards.
• Sequential addition: Start with ISO 9001 (most common first certification), add ISO 14001 and ISO 45001. Each addition is a gap assessment and addition of standard-specific elements to an existing IMS framework.
• Priority by business driver: If customer pressure is for safety certification, start with ISO 45001 and plan ISO 9001/14001 addition. If green supply chain is the driver, start with ISO 14001.

PrecisionTech designs and implements QEHS IMS combinations as one of our most common engagement types — with documented experience of combined certification audits achieving all three certificates simultaneously.

Based on patterns across ISO 45001:2018 Stage-1 and Stage-2 audits — the following are the most frequently identified non-conformities:

HIRA failures (most common major NCR category):

• HIRA does not cover all activities — contractor activities, maintenance, non-routine activities (annual shutdown, equipment changeover), loading/unloading, and office-based activities excluded from the register
• HIRA completed by management only — without worker involvement in hazard identification. Auditor interviews frontline workers who identify hazards not in the register.
• Psychosocial hazards absent from HIRA — stress, harassment, fatigue not addressed despite being explicit ISO 45001 requirements
• Risk ratings are uniformly low — significance evaluation applied incorrectly or conservatively, resulting in no significant risks (which is implausible for any manufacturing or construction environment)
• HIRA not updated following incidents or process changes — an incident investigation identified a new hazard but the HIRA register was not updated
• Hierarchy of controls not applied — all controls are administrative (safe work procedure, training) or PPE, without consideration of whether engineering controls are feasible

Worker Participation failures (Clause 5.4 — the most frequently cited major NCR):

• Safety committee exists but records show management domination — worker representatives listed but no evidence they raise issues or that their concerns are resolved
• Near-miss reporting rate is zero or negligible — indicating either a blame culture that suppresses reporting, or no functioning near-miss system
• Worker interviews during Stage-2 reveal workers cannot identify who their safety representative is, or cannot recall raising a safety concern through formal channels
• HIRA developed without worker input — completed by the EHS officer from their desk

Legal Compliance Register failures:

• Register does not cover all applicable legislation — BOCW Act for construction, state factory rules, MSIHC Rules for chemical storage, POSH Act for all employers not captured
• Compliance evaluation records absent — organisation has identified legal obligations but cannot demonstrate periodic evaluation of actual compliance status
• Factories Act compliance documentation not current — Annual Return, Form 26 (First Aid) not updated, Inspectorate of Factories licence not renewed

Operational Control failures (PTW):

• PTW system exists in documentation but not in practice — observation during Stage-2 audit reveals confined space entry or hot work being performed without a valid PTW
• PTW scope is incomplete — PTW covers hot work but not electrical isolation (LOTO), or covers confined space but not working at height above 4 metres
• Workers performing high-risk activities cannot describe the PTW process or their responsibilities under it — indicating training failure

Incident Investigation failures:

• "Worker error" or "carelessness" recorded as root cause — without identification of the system failure that enabled the behaviour
• Near-misses not investigated — only LTI and above investigated, near-misses filed without RCA
• Corrective actions are training-focused — "retrain the worker" without addressing the physical hazard that caused the incident
• Statutory reporting obligations not met — Inspector of Factories not notified of reportable incidents within required timeframe

Management of Change failures:

• New equipment introduced, process changed, new chemical introduced — without HIRA update before the change goes live
• New contract workers onboarded — without safety induction being completed before they start work
• Layout or work area changes — without review of fire evacuation routes and emergency equipment positioning

Emergency Preparedness failures:

• Emergency response drill not conducted — or conducted but not recorded
• Fire extinguisher inspection records missing — extinguishers present but no maintenance or inspection records
• First aid kit contents not inspected or restocked — expired medications, empty kits
• Workers unaware of emergency assembly point or evacuation procedure

ISO 45001:2018 certification timeline and cost depend on several factors. Here is a realistic guide for Indian organisations.

Key factors affecting timeline:

• Industry sector: Construction and manufacturing with complex hazards (chemical, height, machinery) require more extensive HIRA and operational controls than an IT office environment
• Number of workers and sites: More workers = more training, more consultation mechanisms. Multiple sites = site-specific HIRAs and operational controls for each location.
• OH&S incident history: Organisations with recent LTIs, regulatory notices, or previous certification failures may need additional corrective work before Stage-2
• Legal compliance status: Significant compliance gaps (Factories Act violations, pending BOCW registrations, MSIHC non-compliance) require resolution parallel to EMS implementation
• Existing safety system maturity: Organisations with existing safety committees, HIRA, and safe work procedures need less development work
• Worker participation culture: Organisations with low safety participation culture may need 4–6 additional weeks to establish genuine participation mechanisms before audit

Realistic timelines for Indian organisations:

• Small IT/services company (50–200 workers, 1 site, office-based): 6–10 weeks
• Medium manufacturing (200–500 workers, 1–2 sites, established safety function): 10–16 weeks
• Construction contractor (200–1,500 workers, multiple active sites): 12–20 weeks
• Large manufacturing / chemical / pharma (500+ workers, complex hazards): 16–24 weeks
• QEHS IMS (ISO 45001 + ISO 14001 + ISO 9001 simultaneously): Add 4–8 weeks above single-standard timeline
• Transition from OHSAS 18001:2007 (if certificate is not expired): Gap assessment + 6–10 weeks for gap closure

Cost components:

• PrecisionTech consulting fees: Scope-based fee — determined after initial gap assessment based on number of workers, sites, industry hazard complexity, and specific deliverables. Transparent fee proposal provided upfront.
• Certification body audit fees: Stage-1 + Stage-2 + Year 1 surveillance + Year 2 surveillance. NABCB-accredited CB fees: INR 50,000–4,00,000 for initial certification depending on number of employees, sites, and industry risk category. High-risk industries (construction, chemical, mining) typically attract higher per-day audit fees.
• Safety infrastructure: Machine guarding, edge protection, LEV installation, emergency equipment, PTW stationery, PPE rationalisation — the cost of implementing the hierarchy of controls. This varies enormously by organisation but is the safety investment that delivers the real ROI.
• Training costs: Safety induction for all workers, task-specific safety training, PTW training, emergency response training, first aid training, ISO 45001 internal auditor training

Return on investment — quantified benefits:

• Reduced injury costs: Each LTI costs INR 2–15 lakh in medical, compensation, investigation, retraining, and productivity costs. Every prevented LTI is direct cost saving.
• Workers' Compensation / insurance reduction: ISO 45001 certified organisations with improving safety records typically achieve 10–20% premium reductions on group accident policies
• Tender qualification: Government agencies, PSUs, automotive OEMs, and multinational clients increasingly require ISO 45001 certification — unlocking revenue opportunities unavailable to uncertified competitors
• Regulatory risk reduction: Systematic compliance management dramatically reduces the risk of Factories Act prosecution, prohibition notices, and Inspectorate of Factories enforcement actions — which can include plant closure
• Productivity improvement: Safe workplaces are more productive workplaces — reduced absenteeism, lower workforce attrition, improved worker morale, and reduced downtime from incidents

Management of change (MOC) — addressed in ISO 45001:2018 Clause 8.1.3 — is the requirement to systematically evaluate the OH&S implications of any planned or unplanned change before (where possible) or after (where change occurs unexpectedly) it is implemented. Failure to manage change is one of the most common causes of workplace accidents — many incidents occur not in steady-state operations but when something changes.

Types of change requiring OH&S assessment under ISO 45001:

• New or modified processes: Introduction of a new manufacturing process, change in process sequence, modification of machine operations, change in raw materials, change in product specifications
• New or modified equipment/machinery: Installation of new machinery, modification of existing machine guarding, introduction of new tools, installation of automated systems replacing manual operations
• New chemical substances: Introduction of a new chemical, change in chemical supplier (which may change substance hazard profile even for the same chemical name), change in concentration, change in storage quantity
• Physical layout changes: Modification of workplace layout, changes to emergency evacuation routes, introduction of new workstations, changes in pedestrian/vehicle traffic routes
• Workforce changes: Introduction of new workers (induction requirement before they start work), transfer of workers to new roles with different hazard profiles, introduction of contractor workers, change in shift patterns
• Organisational changes: Restructuring, change in management responsibilities, downsizing (often increases risk as remaining workers take on additional tasks)
• Regulatory changes: New legislation or amended standards that impose new safety requirements

The MOC process — how it works:

• Trigger: Any planned change is identified — ideally as early in the planning stage as possible, before capital expenditure is committed
• OH&S impact assessment: A designated competent person (EHS officer, safety engineer, or trained line manager) reviews the change against the HIRA — does the change introduce new hazards? Does it alter the severity or likelihood of existing risks?
• HIRA update: If the change introduces new hazards or significantly modifies existing risk levels, the HIRA register is updated before the change is implemented
• Control implementation: Any additional controls identified in the updated HIRA are implemented — machine guarding installed, training provided, PTW updated, emergency procedure revised
• Communication and training: Affected workers are informed of the change and its OH&S implications before they start working under the new conditions
• Documentation: MOC records maintained — change description, OH&S assessment findings, actions taken, authorisation signature

Temporary changes — an often-overlooked MOC trigger:

Temporary changes are as important as permanent changes — and often more hazardous because temporary workarounds are frequently improvised without systematic risk assessment. Examples: temporary use of a bypass for a failed safety interlock, temporary machine guarding removal during maintenance, temporary workers covering for absent permanent staff, temporary process changes during equipment trials.

PrecisionTech designs MOC systems that are practical and scalable — a simple MOC checklist for minor changes, a more formal process for major capital changes, with clear thresholds defining which type of process applies. The most common failure is an over-engineered MOC process that is too cumbersome for everyday use and therefore bypassed by site management.

ISO 45001:2018 is universally applicable — including to IT/ITES companies, financial services, consulting firms, and any office-based organisation. While the hazard profile differs substantially from manufacturing, office workplaces have real OH&S risks that require systematic management. ISO 45001 certification for IT companies is increasingly driven by large banking, financial services, and government clients who require supplier OH&S certification as part of vendor due diligence.

Significant OH&S hazards for IT/ITES organisations:

Physical Hazards:

• Fire: Server rooms, dense electrical infrastructure, UPS battery banks — significant fire risk requiring comprehensive fire detection, suppression, and evacuation systems. Gaseous fire suppression (FM-200, Novec 1230) in server rooms creates a toxic atmosphere hazard for personnel caught inside at discharge.
• Electrical: High-voltage electrical infrastructure (UPS systems, HT panels, transformers), DG set electrical systems — risk of electrocution for maintenance personnel. Requires LOTO procedure for electrical maintenance.
• Slips, trips, falls: Cable management (data cables creating trip hazards), wet floor markings, staircase safety, parking lot lighting
• Material handling in data centres: Server racking (heavy lifting, awkward postures), manual handling of UPS batteries

Ergonomic Hazards:

• Musculoskeletal disorders (MSDs): The most prevalent occupational health issue for IT workers — neck/shoulder pain, back pain, wrist/forearm disorders from prolonged computer use, static postures, and mouse work. Control: ergonomic workstation assessment (monitor height, chair adjustment, keyboard/mouse position), sit-stand desks, regular micro-breaks, DSE (Display Screen Equipment) assessment for all VDU users.
• Eye strain: Prolonged screen use causing eye fatigue, headaches — control: lighting design (500 lux at task, reduced reflection), screen distance and angle, periodic eye examinations for regular VDU users

Psychosocial Hazards (most significant OH&S category for IT):

• Work-related stress: Project deadline pressure, client-facing roles with escalation pressure, on-call requirements, performance management pressure, uncertain contract employment — all significant stress sources in IT/ITES
• Long working hours: Culture of extended hours — particularly in product development, night shifts for international time zones, on-call systems. Fatigue risk for critical system administrators and on-call engineers.
• Night shift work: 40-60% of ITES employees work night or rotating shifts. Circadian rhythm disruption, social isolation, increased health risk for long-term night shift workers.
• POSH Act (Sexual Harassment): Mandatory ICC requirement, awareness training, annual reporting — directly applicable to all IT companies with 10+ employees

Work-From-Home (WFH) Hazards:

• Ergonomic hazards of home workstations (dining table, sofa work) — significantly higher MSD risk than office workstations
• Psychosocial hazards — isolation, blurred work-life boundaries, inadequate manager support for remote workers
• Electrical safety at home — extension cords, adapter overloading, inadequate earth connections
• Fire safety at home — no workplace fire detection or suppression for WFH workers
• ISO 45001 requires HIRA to include WFH activities and OH&S requirements to be communicated to WFH workers

IT-specific OH&SMS practical elements:

• Ergonomic workstation assessment programme — all workstations assessed for all VDU users; assessment records maintained
• WFH OH&S policy and self-assessment checklist — workers complete workstation self-assessment for home working environment
• Stress management programme — EAP (Employee Assistance Programme), manager training on stress identification
• POSH ICC — Internal Complaints Committee, policy, annual awareness training, annual report to District Officer
• Fire evacuation drill — quarterly fire drills, BCP (business continuity planning) for emergency scenarios
• Server room LOTO — electrical isolation procedure for data centre maintenance personnel

ISO 45001:2018 Clause 5.1 places specific, non-delegable obligations on top management — the person or group with ultimate accountability for the organisation (MD, CEO, Board). This reflects the fundamental OH&S principle that safety is a leadership responsibility, not an EHS department function. ISO 45001:2018 specifically prohibits delegating the EMS to a "safety officer" and considering the obligation discharged.

What top management must personally demonstrate under ISO 45001:2018 Clause 5.1:

• Overall accountability for preventing work-related injury and ill health: Top management cannot simply state "the EHS officer is responsible for safety." ISO 45001 requires top management to be personally accountable for the OH&SMS outcomes — including fatalities and serious injuries that occur on their watch.
• Ensuring the OH&S policy and objectives are compatible with the strategic direction: Safety objectives must be aligned with the business strategy — not disconnected from operational priorities. If the business strategy drives production at all costs and the safety objective is zero LTI, the strategic alignment must be genuine.
• Integrating OH&SMS into business processes: Safety management must be embedded in how decisions are made — procurement (are safer machines purchased even if they cost more?), contracting (are contractor safety records evaluated in contractor selection?), project planning (is adequate time planned for safe work?), financial planning (is safety infrastructure adequately budgeted?).
• Providing resources: Explicitly ensuring that financial, human, and technology resources for OH&SMS are adequate. Certification body auditors test this by asking: "Has any OH&SMS resource request been denied? Why?" Systematic resource denial is a leadership commitment failure.
• Communicating the importance of effective OH&S management: Actively and visibly communicating safety importance — not just signing the policy. This means: discussing safety in all-hands meetings, having safety as a standing item in board/leadership team meetings, personally conducting safety walkthroughs with documented findings, responding visibly and promptly to serious incidents.
• Ensuring the OH&SMS achieves intended outcomes: Reviewing OH&S performance data, acting on adverse trends, making decisions to invest in additional controls when performance deteriorates.
• Directing and supporting relevant management roles: Ensuring all department heads and line managers understand their OH&S responsibilities and are held accountable for safety performance in their areas — not just the EHS officer.
• Ensuring worker participation: Top management must personally support and enable worker participation and consultation — actively encouraging workers to report near-misses, raise safety concerns, and participate in OH&S committees, without fear of reprisal.
• Supporting OH&S management roles: Supporting the EHS function with authority, resources, and access to top management — not isolating the safety officer as a compliance administrator.

How auditors test top management leadership commitment:

In Stage-2 audits, the auditor always requests an interview with the MD/CEO or most senior available leadership. Questions include: "What are the significant OH&S risks in your organisation?" "What is your current LTIFR?" "When did you last visit the shop floor/site for a safety walkthrough?" "What OH&S actions did you take following the last management review?" Inability to answer these questions credibly is a major audit finding — and a direct signal of lack of leadership commitment.

PrecisionTech coaches top management teams on their ISO 45001:2018 leadership obligations — including leadership safety walkthrough preparation, management review facilitation, and safety performance KPI interpretation.

The ISO 45001:2018 internal audit (Clause 9.2) is a mandatory requirement — planned audits at defined intervals to determine whether the OH&SMS conforms to the standard and the organisation's own requirements, and whether it is effectively implemented. It is the primary quality assurance mechanism between external certification body visits.

Internal audit programme structure:

• Annual audit schedule: Risk-based — areas with significant hazards, recent incidents, or previous non-conformities receive more frequent audit attention. All clauses and all in-scope sites must be covered over the audit cycle.
• Auditor competence: Internal auditors must understand ISO 45001:2018 requirements and audit methodology. PrecisionTech provides ISO 45001 internal auditor training (2-day course) covering the standard, audit planning, evidence gathering, worker interviewing, and corrective action writing.
• Impartiality: Auditors do not audit their own work. In small organisations, this may require cross-auditing between safety and operations roles, or use of an external auditor for some areas.
• Worker participation in audit: ISO 45001:2018 explicitly requires worker participation in the audit process — internal auditors should interview frontline workers, not just managers, and should involve worker safety representatives in the audit scope and findings review.

What the ISO 45001:2018 internal audit must cover:

Document review:

• HIRA register — current, covers all activities, includes all hazard categories, significance evaluation applied correctly, hierarchy of controls applied
• Legal compliance register — current, includes all applicable legislation, compliance evaluation records up to date
• Worker participation records — safety committee minutes with worker-raised issues and management responses, near-miss reports, HIRA review participation records
• PTW records — permits issued, completed, and closed. Sample review of 5–10 permits for completeness.
• Incident investigation records — all incidents investigated, root causes identified (not "worker error"), CAPAs assigned and tracked to closure
• Training records — safety induction for all workers, task-specific training, PTW training, emergency response training
• Emergency preparedness — drill records, first aid kit inspection records, fire extinguisher maintenance records

Implementation audit (site walkthrough):

• Observe work in progress — are workers following safe work procedures? Are PPE requirements being met? Are machine guards in place and intact?
• Observe high-risk activities — if confined space entry, hot work, or WAH is occurring, is a valid PTW in place?
• Interview frontline workers — do they know the hazards of their work? Do they know how to report a near-miss? When did they last participate in a toolbox talk? Have they attended safety committee meetings?
• Inspect emergency equipment — fire extinguishers (correct type for area hazard, current inspection tag), first aid kit (stocked, unexpired), emergency exit signage (lit, unobstructed), emergency shower/eyewash (where chemical hazards present)
• Inspect chemical storage — appropriate containers, SDS/MSDS available, secondary containment, segregation of incompatible chemicals, quantity limits within consent conditions
• Inspect housekeeping — walkway clearance, slip/trip hazard identification, waste management

Closing meeting: Present findings — conformities, observations, non-conformities (major/minor). Agree CAR timelines with area manager and worker safety representative.

PrecisionTech conducts the first internal audit for new OH&SMS clients — setting the standard, training client auditors through accompaniment, and establishing the audit report template used for subsequent internal audits.

Understanding the certification audit process prepares organisations effectively and prevents common surprises. Here is a detailed guide for Indian organisations pursuing ISO 45001:2018.

Selecting a Certification Body: ISO 45001:2018 certification must be issued by a certification body accredited by an IAF member body. In India: NABCB (National Accreditation Board for Certification Bodies). Verify NABCB accreditation on the NABCB website before engaging any certification body. NABCB-accredited certification bodies for ISO 45001 include BSI, Bureau Veritas, SGS, TÜV SÜD, DNV, Intertek. Selection criteria: sector-specific auditor expertise (construction auditors for construction clients, manufacturing auditors for manufacturing), turnaround time for audit reports, international recognition of certificate (important for export-market and multinational clients), and commercial terms.

Stage-1 Audit (Documentation Review — 1–3 days):

• Objective: Confirm OH&SMS documentation is sufficient and the organisation is ready to proceed to Stage-2
• Location: Often conducted remotely — document package shared via secure link; site visit element may be included for site layout familiarisation
• Documents reviewed: OH&S policy, OH&SMS scope, HIRA register (completeness of hazard coverage), legal compliance register (legislation identification), OH&S objectives, key safe work procedures, PTW system, emergency preparedness procedures, internal audit records, management review records
• Common Stage-1 observations: HIRA incomplete (psychosocial hazards absent, maintenance activities not covered), compliance register missing legislation, PTW system not developed, near-miss reporting system not implemented
• Output: Stage-1 audit report — conformities, observations (must address before Stage-2), non-conformities (prevent Stage-2 proceeding until closed). Recommended Stage-2 date range.

Gap between Stage-1 and Stage-2 (typically 4–12 weeks): Address Stage-1 observations. Ensure all operational controls are implemented in practice (records generated — PTW records, near-miss reports, safety committee meeting minutes). Complete safety induction for all workers. Conduct at least one emergency response drill with records.

Stage-2 Audit (Implementation Effectiveness — 2–6 audit days depending on scope):

• Objective: Verify the OH&SMS is effectively implemented, not just documented
• Location: On-site — all significant hazard areas must be visited
• Opening meeting: Audit team, organisation representatives including a worker safety representative, scope, agenda, logistics
• Site walkthrough: Auditor visits all significant hazard areas — production floor, chemical storage, working at height areas, confined spaces, electrical rooms, maintenance workshop — observing actual conditions vs. documented controls
• Worker interviews (critical): Auditor interviews 8–15 frontline workers without manager present — testing: OH&S hazard awareness, knowledge of safe work procedures, near-miss reporting experience, worker participation in safety decisions. Worker interview findings are highly revealing of real safety culture vs. documented system.
• Records review: 3–6 months of HIRA records, PTW records, training records, incident investigation records, safety committee meeting minutes, management review records, compliance evaluation records
• Management interview: Top management interview testing leadership commitment, safety performance knowledge, and resource provision decisions
• Output: Stage-2 audit report — conformities, observations, and non-conformities (major/minor)

Non-conformity resolution: Minor NCRs closed within 30–90 days with evidence submission. Major NCRs — certificate cannot issue until closed; supplementary audit visit may be required. PrecisionTech manages NCR closure for clients — drafting corrective action plans, implementing required changes, and preparing evidence packages for CB review.

Certificate issuance and surveillance: ISO 45001:2018 certificate issued — valid 3 years. Annual surveillance audits (Year 1 and Year 2), recertification audit (Year 3). PrecisionTech provides annual maintenance support — HIRA updates for process changes, legal register updates for legislative changes, internal audit conduct, management review facilitation, and surveillance audit preparation.

PrecisionTech's ISO 45001:2018 consulting methodology is built around a single principle: a safety management system that protects workers, not one that protects the organisation's certification. The most common failure of ISO 45001 consulting is producing documentation that satisfies auditors but does not change how workers are protected. Our approach is different at every stage.

1. HIRA Based on Field Reality, Not Office Assumptions: We conduct HIRA with frontline workers as active participants — area supervisors, machine operators, maintenance technicians — not just with the EHS officer. Workers identify hazards that management cannot observe: informal shortcuts taken under production pressure, tool conditions that create risk, poorly designed workstations that cause repetitive strain, chemical handling practices that deviate from the written procedure. Our HIRA registers capture the workplace as it actually operates, not as management imagines it to operate.

2. India-Specific Legal Compliance: We maintain a current, sector-specific database of Indian OH&S legislation — central laws, state factory rules, district-level requirements — and build compliance registers that reflect the actual regulatory landscape each client faces. We identify existing compliance gaps proactively and help resolve them during implementation, not post-certification. Achieving ISO 45001 while remaining non-compliant with the Factories Act is not a success.

3. Worker Participation as Culture Change, Not Checkbox: We design participation mechanisms that workers actually use — near-miss reporting systems that managers visibly respond to, safety committees that produce visible outcomes, toolbox talks that include genuine two-way dialogue. The certification body auditor will interview workers. We prepare the system so that workers give authentic evidence of genuine participation — not because they have been coached, but because participation is genuinely happening.

4. Hierarchy of Controls Applied, Not Just Documented: We challenge clients to apply engineering controls before defaulting to PPE — identifying where machine guarding, LEV, edge protection, or process redesign is feasible and cost-justified. We build the business case for safety investment using avoidable incident cost data, not just regulatory risk arguments.

5. Safety KPI Design that Drives Decisions: We design balanced scorecards of leading and lagging indicators — LTIFR, TRIFR, near-miss rate, PTW compliance rate, training completion rate, corrective action closure rate — with monthly reporting templates that enable management to identify trends and act proactively, not reactively. Safety data should drive decisions, not just satisfy auditors.

6. Sector-Specific PTW and SWP Development: Our safe work procedures and PTW systems are written for the specific activities in each client's workplace — not adapted from generic templates. A pharma facility's confined space PTW differs from a construction site's. A chemical plant's chemical isolation procedure differs from an IT data centre's electrical LOTO. Specificity is what makes operational safety controls work in practice.

7. Post-Certification Continuity: Certification is the beginning, not the end. PrecisionTech provides annual maintenance retainers — covering HIRA updates for process changes, legal register amendments, incident investigation support, internal audit conduct, management review facilitation, and surveillance audit preparation. Our clients maintain their certification across the full 3-year cycle with continuously improving OH&S performance — not just a certificate on the wall.