SIST ISO 45002:2023

© ISO 2022 – All rights reserved
ISO/FDIS 45002:2022(E)
Date: 2022-0810-13
ISO TC 283/WG 3
Secretariat: BSI
Occupational health and safety management systems — General
guidelines for the implementation of ISO 45001:2018

---------------------- Page: 1 ----------------------
ISO/FDIS 45002:2022(E)
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of
this publication may be reproduced or utilized otherwise in any form or by any means, electronic or
mechanical, including photocopying, or posting on the internet or an intranet, without prior written
permission. Permission can be requested from either ISO at the address below or ISO’s member body in the
country of the requester.
ISO Copyright Office
CP 401 • CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland.
ii © ISO 2022 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/FDIS 45002:2022(E)
Contents
Foreword . v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization . 1
4.1 Understanding the organization and its context . 1
4.2 Understanding the needs and expectations of workers and other interested parties 5
4.3 Determining the scope of the OH&S management system . 9
4.4 OH&S management system . 11
5 Leadership and worker participation . 11
5.1 Leadership and commitment . 11
5.2 OH&S policy . 13
5.3 Organizational roles, responsibilities and authorities . 15
5.4 Consultation and participation of workers . 16
6 Planning . 18
6.1 Actions to address risks and opportunities . 18
6.1.1 General . 18
6.1.2 Hazard identification and assessment of risks and opportunities . 19
6.1.3 Determination of legal requirements and other requirements . 32
6.1.4 Planning action . 35
6.2 OH&S objectives and planning to achieve them . 36
6.2.1 OH&S objectives . 36
6.2.2 Planning to achieve OH&S objectives . 37
7 Support . 38
7.1 Resources . 38
7.2 Competence . 39
7.3 Awareness . 41
7.4 Communication . 43
7.4.1 General . 43
7.4.2 Internal communication . 45
7.4.3 External communication . 46
7.5 Documented information . 47
7.5.1 General . 47
7.5.2 Creating and updating . 49
7.5.3 Control of documented information . 50
8 Operation . 51
8.1 Operational planning and control . 51
8.1.1 General . 51
8.1.2 Eliminating hazards and reducing OH&S risks . 55
8.1.3 Management of change . 58
8.1.4 Procurement . 59
8.2 Emergency preparedness and response . 62
9 Performance evaluation . 67
9.1 Monitoring, measurement, analysis and performance evaluation . 67
© ISO 2022 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/FDIS 45002:2022(E)
9.1.1 General . 67
9.1.2 Evaluation of compliance . 71
9.2 Internal audit . 72
9.2.1 General . 72
9.2.2 Internal audit programme . 72
9.3 Management review . 74
10 Improvement . 76
10.1 General . 76
10.2 Incident, nonconformity and corrective action . 76
10.3 Continual improvement . 79
Bibliography . 81

iv © ISO 2022 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/FDIS 45002:2022(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO
collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on
the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to the World
Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 283, Occupational health and safety
management.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
© ISO 2022 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/FDIS 45002:2022(E)
Introduction
An organization is responsible for the occupational health and safety (OH&S) of its workers. This
responsibility includes promoting and protecting their physical and mental health. The organization is
also responsible for taking steps to protect others who can be affected by its activities. This is best
achieved through an OH&S management system.
The purpose of an OH&S management system is to provide a framework for managing OH&S risks and
opportunities, and for managing risks and opportunities to the management system itself. The intended
outcomes of the OH&S management system are to continually improve the OH&S performance, to fulfil
legal requirements and other requirements, and to achieve the OH&S objectives.
This document is intended to givegives guidance on how to implement the requirements in
ISO 45001:2018 in any type of organization and should be used in conjunction with this
standard.ISO 45001:2018. Where ISO 45001:2018 states what needs to be done, this document expands
on that and gives guidance, including real-life cases, on how it can be done. A complement to this general
guidance could be theis a handbook “ISO 45001:2018 occupational health and safety management
systems - a practical guide for small organizations”., see Reference [2].
The intention of ISO 45001:2018 is to enable organizations to protect all workers from injury and ill
health, regardless of individual characteristics. This document provides additional guidance on how to
ensure the specific needs of individuals and groups of workers are addressed, recognizing that a generic
approach to OH&S management can lead to the needs of different genders, age and minority groups not
being fully addressed.
Many requirements of ISO 45001:2018 contain terms such as “as appropriate”, “as applicable“,” or
“relevant”. These terms signal that the organization should determine whether and how the requirement
pertains to the organization, taking into account its conditions, processes, or context. In this document,
the meaning of these terms is as follows:
• — “as appropriate” means: suitable or proper in the circumstances thisand implies some degree of
freedom, i.e. it is up to the organization to decide what to do,;
• — “as applicable” means: possible to apply and implies that if it can be done, it should be done. ;
• — “relevant” means: directed and connected to the subject, i.e. pertinent.
The OH&S management system approach applied in this document is founded on the concept of Plan-Do-
Check-Act (PDCA). The PDCA concept is an iterative process used by organizations to achieve continual
improvement. It can be applied to an OH&S management system and to each of its individual elements,
as follows:
a) Plan: determine and assess OH&S risks, OH&S opportunities and other risks and other opportunities
that can influence the intended outcomes of the OH&S management system and establish OH&S
objectives and processes necessary to deliver results in accordance with the organization’s OH&S
policy.
b) Do: implement the processes as planned.
c) Check: monitor and measure activities and processes with regard to the OH&S policy and OH&S
objectives and report the results.
d) Act: take actions to continually improve the OH&S performance to achieve the intended outcomes.
The PDCA concept and relationship to this document is shown in Figure 1.
vi © ISO 2022 – All rights reserved

---------------------- Page: 6 ----------------------
ISO/FDIS 45002:2022(E)

NOTE The numbers given in brackets refer to the clause numbers in this document.
Figure 1 — Relationship between PDCA and the framework in this document
© ISO 2022 – All rights reserved vii

---------------------- Page: 7 ----------------------
FINAL DRAFT INTERNATIONAL STANDARD ISO/FDIS 45002:2022(E)

Occupational health and safety management systems — General
guidelines for the implementation of ISO 45001:2018
1 Scope
This document gives guidance on the establishment, implementation, maintenance and continual
improvement of an occupational health and safety (OH&S) management system that can help
organizations conform to ISO 45001:2018.
NOTE 1 While the guidance in this document is consistent with the ISO 45001:2018 OH&S management system
model, it is not intended to provide interpretations of the requirements in ISO 45001.
NOTE 2 The use of the term “should” in this document does not weaken any of the requirements in ISO 45001:2018
or add new requirements.
NOTE 3 For most of the clauses in this document, there are real-life cases on how different types of organizations
have implemented the requirements. These are not intended to suggest the only or best way to do this, but to
describe one way this was done by an organization.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 45001:2018, Occupational health and safety management systems — Requirements with guidance for
use
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 45001:2018 apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
4 Context of the organization
4.1 Understanding the organization and its context
To be able to implement an effective OH&S management system, the organization needs to understand
the context within which it operates and to determine what issues can make it easier or more difficult to
achieve the intended outcomes of the OH&S management system. The intended outcomes as included in
© ISO 2022 – All rights reserved 1

---------------------- Page: 8 ----------------------
ISO/FDIS 45002:2022(E)
the definition of “occupational health and safety management system” (see ISO 45001:2018;, 3.11) are to
prevent injury and ill health to workers and to provide safe and healthy workplaces. It includes
enhancement of OH&S performance, fulfilment of legal requirements and other requirements, and
achievement of OH&S objectives. These are the minimal, core outcomes but an organization can set
additional intended outcomes such as going beyond the requirements of ISO 45001:2018, e.g.
encouraging a supplier to also implement an OH&S management system.
The organization should be aware that external and internal issues can change, and therefore, should be
monitored and reviewed. It is advisable for an organization to conduct reviews of its context at planned
intervals and through activities such as management review.
Examples of external issues that can affect the intended outcomes of an OH&S management system are:
Internal issues
— economic and financial situation, economic activity;
— business sector, markets, international commerce activities, the needs and expectations of interested
parties (contractors, insurance companies, etc.);
— supply chain requirements, including modern slavery;
— terrorist threats;
— technological innovations, equipment, products and systems evolution, the knowledge of OH&S
effects of products and work equipment;
— political and social unrest;
— legal requirements and other requirements, including legislation, sectoral agreements, conventions
and voluntary agreements subscribed to by the organization;
— institutional needs and expectations;
— the geographical location of the company;
— environmental concerns that can have an impact on health and safety, including climate change and
pollution;
— potential emergency situations including pandemics but also floods, earthquakes, etc.
Examples of internal issues that can affect the intended outcomes of an OH&S management system are:
— consultation and participation, issues raised by workers and other interested parties that can impact
the organization’s internal activities and its OH&S management system;
— internal requirements:, including policies and practices, mission, vision, values, objectives, strategies,
agreements, and guidelines;
— what has been known to cause injuries and ill health in the past;
— organization structure and governance model, work scope, work shifts, roles, functions and
responsibilities;
— work centres and distribution;
2 © ISO 2022 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/FDIS 45002:2022(E)
— demography (e.g. gendersgender of workers, age range, racial identities, range of languages, workers
with disabilities);
— conditions and extension of services and activities;
— globalization and internalization of the company;
— cultural diversity (e.g. inclusion, racial identities and backgrounds, cultural and religious beliefs,
proficiency in languages, literacy and education levels);
— financial, human (availability, competence, etc.) and technological resources (availability and
conditions of equipment, products, facilities, systems and workplaces) and distribution of resources;
— general planning;
— processes, products and services.

External issues
• economic and financial situation, economic activity;
• business sector, markets, international commerce activities, the needs and expectations of
interested parties (contractors, insurance companies, etc.);
• supply chain requirements, including modern slavery;
• terrorist threats;
• technological innovations, equipment, products and systems evolution and the knowledge of
OH&S effects of products and work equipment;
• political and social unrest;
• legal requirements and other requirements: legislation, sectoral agreements, conventions,
voluntary agreements subscribed to by the organization;
• institutional needs and expectations;
• the geographical location of the company
• environmental concerns that can have an impact on health & safety, including climate change and
pollution:
• potential emergency situations including pandemics but also floodings, earthquakes etc.
An organization can choose to document this information if it wants to adopt a more structured approach
to its OH&S management system. However, the absence of such documentation should not impact the
ability of the organization to seek and demonstrate conformity to ISO 45001, where it can evidence a
structured approach by other means.
The organization can use different methodologies to determine and evaluate the external and internal
issues. One example is analysing strengths, weakness, opportunities and threats. See Clause 5 for
guidance on how to involve workers in this process.
The issues dealt with in this clause are mainly related to the impact on the OH&S management system
and are usually analysed at high levels of the organization. Specific OH&S risks are dealt with at
operational levels and are considered in 6.1.2 and 6.1.3.
EXAMPLE Real life case 1 on how to implement requirements in ISO 45001:2018, 4.1.
© ISO 2022 – All rights reserved 3

---------------------- Page: 10 ----------------------
ISO/FDIS 45002:2022(E)
A diverse service organization implemented the requirements of 4.1 and made a high-level analysis of issues by
conducting a brain-stormingbrainstorming exercise with participation from OH&S staff, other workers and worker
representatives, knowledgeable persons from various parts of the organization and someone from top management
who champions OH&S. The team discussed external and internal issues from a wide perspective and determined
which were relevant for the OH&S management system. This then served as input to identify interested parties (see
4.2), determine scope (see 4.3), and address risks and opportunities (see 6.1).
Even though there is no requirement in ISO 45001:2018 to document the result of this context work, the
organization chose to do that anyway and ensure that the whole team agreed on the result. They created a bridge
from context to planning by documenting each relevant issue in a categorized way, stating if this was a current or
future issue, and if it had a positive or negative potential. They also put a value to its relative importance and stated
how the issue should be managed in their system (as an OH&S risk, potential emergency, risk to the management
system, other opportunity, etc.). Table 1 shows part of what they found.
This context exercise is reviewed when there are significant external or internal changes that affect the organization
or the OH&S management system and otherwise when deemed appropriate by the organization.
Table 1 — Some of the external and internal issues found
Category Issue Time Negative OHSMS Managed as
frame or OH&S
positive management
system
importance
Culture: Lack of OH&S interest from top Current Negative High OH&S
internal management management
system risk
Workplace Working at heights with customer Current Negative Medium OH&S risk
hazard installations
Workplace Noise levels in some operations Current Negative High OH&S risk
hazard
Economy: Lack of financial resources for Future Negative Medium Currently not
internal investing in OH&S improvements managed
Activities: Inadequate chemical management Current Negative Medium OH&S risk
internal
Resources: Improvement of OH&S staff Current Positive Medium OH&S
internal competence beyond requirements management
system
opportunity
Technology: New technologies for eliminating Current Positive High OH&S
external hazards and mitigating OH&S risks management
developed system
opportunity
Interested Requirements from customers Future Positive High OH&S
parties: regarding OH&S management management
external system certification system
opportunity
Interested Lack of participation from worker Current Negative High OH&S
parties: representatives management
internal system risk
4 © ISO 2022 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/FDIS 45002:2022(E)
Category Issue Time Negative OHSMS Managed as
frame or OH&S
positive management
system
importance
Company: Poor internal OH&S Current Negative Medium OH&S
internal communication management
system risk
Resources: Suppliers of OH&S protection Future Negative Medium OH&S
external equipment, including personal management
protective equipment (PPE) are not system risk
always able to deliver required
goods when there is increased
market demand
Company: Lack of specific consideration Current Negative High OH&S risk
internal for issues related to gender,
non-binary workers and other
specific groups as well as
provision for these groups
4.2 Understanding the needs and expectations of workers and other interested parties
The needs and expectations (i.e. requirements) of workers and other interested parties are important
when considering the context in which the organization operates. It is important that the organization
takes into account the characteristics of its workers and how these can affect needs and expectations.
Different genders and age groups maycan have very different needs and expectations than others.
Minority groups (e.g. ethnic minorities, workers with physical or mental disabilities, workers of non-
traditional gender or sexuality) also have needs and expectations which are not always recognized or
understood. Determining interested parties that are relevant to the OH&S management system and
developing a relationship with them enables communication, which can improve worker participation,
remove obstacles to participation, lead to a culture that supports OH&S, and build mutual understanding,
trust and respect.
The organization should identify the relevant needs and expectations of workers and other interested
parties, to determine those that it has to comply with and voluntary agreements that it chooses to comply
with. The methods used and resources applied can vary depending on, for example, the size and nature
of the organization, the finances available, the OH&S risks and opportunities that should be addressed,
and the organization’s experience with OH&S management.
There are three steps that are typically taken to determine what the organization should comply with:
— Step 1: Determining other relevant interested parties, in addition to workers. Workers at all levels
are always at the heart of the OH&S management system. However, other interested parties that are
relevant to the OH&S management system. can include:
a)— trade unions and worker representatives;
b)—regulatory or statutory agencies;
c)— communities;
d)— owners, including investors/shareholders;
e)— neighbours;
© ISO 2022 – All rights reserved 5

---------------------- Page: 12 ----------------------
ISO/FDIS 45002:2022(E)
f)— other companies related to the organization, likesuch as contractors or, suppliers or clients;
g)— institutional bodies, likesuch as inspectorates, OH&S national institutes, and OH&S research
groups;
h)— other bodies or companies related to injuries or illnesses, likesuch as social security,
compensation bodies and insurance companies;
i)— customers (e.g. those requiring suppliers to implement an OH&S management system or that
have specific OH&S-related requirements;);
j)— people that can occasionally be in the facilities or under the control of the organization:, such as
visitors, consultants, transport workers, and workers of contractors or suppliers.
Interested parties can change over time and can depend on the sector, industry or the geographic
location in which the organization operates. Changes in the external or internal or external issues
that are part of the organization’s context can also result in a change in interested parties. It can be
good practice to keep this information up to date.
— Step 2: Determining the relevant needs and expectations (i.e. requirements) of workers and other
interested parties.
The next step is to determine the requirements (needs and expectations) of the interested parties, in
relation to OH&S. Examples of needs and expectations relevant to OH&S management can include:
— authorities require t
...

FINAL
INTERNATIONAL ISO/FDIS
DRAFT
STANDARD 45002
ISO/TC 283
Occupational health and safety
Secretariat: BSI
management systems — General
Voting begins on:
2022-10-28 guidelines for the implementation of
ISO 45001:2018
Voting terminates on:
2022-12-23
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-
ISO/FDIS 45002:2022(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN-
DARDS TO WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS. © ISO 2022

---------------------- Page: 1 ----------------------
ISO/FDIS 45002:2022(E)
FINAL
INTERNATIONAL ISO/FDIS
DRAFT
STANDARD 45002
ISO/TC 283
Occupational health and safety
Secretariat: BSI
management systems — General
Voting begins on:
guidelines for the implementation of
ISO 45001:2018
Voting terminates on:
COPYRIGHT PROTECTED DOCUMENT
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
RECIPIENTS OF THIS DRAFT ARE INVITED TO
ISO copyright office
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
CP 401 • Ch. de Blandonnet 8
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
CH-1214 Vernier, Geneva
DOCUMENTATION.
Phone: +41 22 749 01 11
IN ADDITION TO THEIR EVALUATION AS
Reference number
Email: copyright@iso.org
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
ISO/FDIS 45002:2022(E)
Website: www.iso.org
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
Published in Switzerland
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN­
DARDS TO WHICH REFERENCE MAY BE MADE IN
ii
  © ISO 2022 – All rights reserved
NATIONAL REGULATIONS. © ISO 2022

---------------------- Page: 2 ----------------------
ISO/FDIS 45002:2022(E)
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization .1
4.1 Understanding the organization and its context . 1
4.2 Understanding the needs and expectations of workers and other interested parties . 4
4.3 Determining the scope of the OH&S management system . 7
4.4 OH&S management system . 9
5 Leadership and worker participation . 9
5.1 Leadership and commitment . 9
5.2 OH&S policy . 11
5.3 Organizational roles, responsibilities and authorities .13
5.4 Consultation and participation of workers . 14
6 Planning .16
6.1 Actions to address risks and opportunities . 16
6.1.1 General . 16
6.1.2 Hazard identification and assessment of risks and opportunities . 16
6.1.3 Determination of legal requirements and other requirements .28
6.1.4 Planning action .29
6.2 OH&S objectives and planning to achieve them .30
6.2.1 OH&S objectives . 30
6.2.2 Planning to achieve OH&S objectives . 31
7 Support .33
7.1 Resources . 33
7.2 Competence . 33
7.3 Awareness . 35
7.4 Communication . 37
7.4.1 General . 37
7.4.2 Internal communication .38
7.4.3 External communication .40
7.5 Documented information . 41
7.5.1 General . 41
7.5.2 Creating and updating . 43
7.5.3 Control of documented information . 43
8 Operation . 44
8.1 Operational planning and control .44
8.1.1 General .44
8.1.2 Eliminating hazards and reducing OH&S risks. 47
8.1.3 Management of change .50
8.1.4 Procurement . 51
8.2 Emergency preparedness and response .54
9 Performance evaluation .58
9.1 Monitoring, measurement, analysis and performance evaluation .58
9.1.1 General .58
9.1.2 Evaluation of compliance . 61
9.2 Internal audit . 62
9.2.1 General . 62
9.2.2 Internal audit programme . 62
9.3 Management review .64
iii
© ISO 2022 – All rights reserved

---------------------- Page: 3 ----------------------
ISO/FDIS 45002:2022(E)
10 Improvement .65
10.1 General .65
10.2 Incident, nonconformity and corrective action.66
10.3 Continual improvement .68
Bibliography .70
iv
  © ISO 2022 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/FDIS 45002:2022(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 283, Occupational health and safety
management.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
v
© ISO 2022 – All rights reserved

---------------------- Page: 5 ----------------------
ISO/FDIS 45002:2022(E)
Introduction
An organization is responsible for the occupational health and safety (OH&S) of its workers. This
responsibility includes promoting and protecting their physical and mental health. The organization
is also responsible for taking steps to protect others who can be affected by its activities. This is best
achieved through an OH&S management system.
The purpose of an OH&S management system is to provide a framework for managing OH&S risks and
opportunities, and for managing risks and opportunities to the management system itself. The intended
outcomes of the OH&S management system are to continually improve the OH&S performance, to fulfil
legal requirements and other requirements, and to achieve the OH&S objectives.
This document gives guidance on how to implement the requirements in ISO 45001:2018 in any type
of organization and should be used in conjunction with ISO 45001:2018. Where ISO 45001:2018 states
what needs to be done, this document expands on that and gives guidance, including real-life cases, on
how it can be done. A complement to this general guidance is a handbook, see Reference [2].
The intention of ISO 45001:2018 is to enable organizations to protect all workers from injury and ill
health, regardless of individual characteristics. This document provides additional guidance on how
to ensure the specific needs of individuals and groups of workers are addressed, recognizing that a
generic approach to OH&S management can lead to the needs of different genders, age and minority
groups not being fully addressed.
Many requirements of ISO 45001:2018 contain terms such as “as appropriate”, “as applicable” or
“relevant”. These terms signal that the organization should determine whether and how the requirement
pertains to the organization, taking into account its conditions, processes or context. In this document,
the meaning of these terms is as follows:
— “as appropriate” means suitable or proper in the circumstances and implies some degree of freedom,
i.e. it is up to the organization to decide what to do;
— “as applicable” means possible to apply and implies that if it can be done, it should be done;
— “relevant” means directed and connected to the subject, i.e. pertinent.
The OH&S management system approach applied in this document is founded on the concept of Plan-Do-
Check-Act (PDCA). The PDCA concept is an iterative process used by organizations to achieve continual
improvement. It can be applied to an OH&S management system and to each of its individual elements,
as follows:
a) Plan: determine and assess OH&S risks, OH&S opportunities and other risks and other opportunities
that can influence the intended outcomes of the OH&S management system and establish OH&S
objectives and processes necessary to deliver results in accordance with the organization’s OH&S
policy.
b) Do: implement the processes as planned.
c) Check: monitor and measure activities and processes with regard to the OH&S policy and OH&S
objectives and report the results.
d) Act: take actions to continually improve the OH&S performance to achieve the intended outcomes.
The PDCA concept and relationship to this document is shown in Figure 1.
vi
  © ISO 2022 – All rights reserved

---------------------- Page: 6 ----------------------
ISO/FDIS 45002:2022(E)
NOTE The numbers given in brackets refer to the clause numbers in this document.
Figure 1 — Relationship between PDCA and the framework in this document
vii
© ISO 2022 – All rights reserved

---------------------- Page: 7 ----------------------
FINAL DRAFT INTERNATIONAL STANDARD ISO/FDIS 45002:2022(E)
Occupational health and safety management systems —
General guidelines for the implementation of
ISO 45001:2018
1 Scope
This document gives guidance on the establishment, implementation, maintenance and continual
improvement of an occupational health and safety (OH&S) management system that can help
organizations conform to ISO 45001:2018.
NOTE 1 While the guidance in this document is consistent with the ISO 45001:2018 OH&S management
system model, it is not intended to provide interpretations of the requirements in ISO 45001.
NOTE 2 The use of the term “should” in this document does not weaken any of the requirements in
ISO 45001:2018 or add new requirements.
NOTE 3 For most of the clauses in this document, there are real-life cases on how different types of
organizations have implemented the requirements. These are not intended to suggest the only or best way to do
this, but to describe one way this was done by an organization.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 45001:2018, Occupational health and safety management systems — Requirements with guidance for
use
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 45001:2018 apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www. iso. org/o bp
— IEC Electropedia: available at https:// www.e lectropedia. org/
4 Context of the organization
4.1 Understanding the organization and its context
To be able to implement an effective OH&S management system, the organization needs to understand
the context within which it operates and to determine what issues can make it easier or more difficult
to achieve the intended outcomes of the OH&S management system. The intended outcomes as included
in the definition of “occupational health and safety management system” (see ISO 45001:2018, 3.11)
are to prevent injury and ill health to workers and to provide safe and healthy workplaces. It includes
enhancement of OH&S performance, fulfilment of legal requirements and other requirements, and
achievement of OH&S objectives. These are the minimal, core outcomes but an organization can
set additional intended outcomes such as going beyond the requirements of ISO 45001:2018, e.g.
encouraging a supplier to also implement an OH&S management system.
1
© ISO 2022 – All rights reserved

---------------------- Page: 8 ----------------------
ISO/FDIS 45002:2022(E)
The organization should be aware that external and internal issues can change, and therefore, should be
monitored and reviewed. It is advisable for an organization to conduct reviews of its context at planned
intervals and through activities such as management review.
Examples of external issues that can affect the intended outcomes of an OH&S management system are:
— economic and financial situation, economic activity;
— business sector, markets, international commerce activities, the needs and expectations of
interested parties (contractors, insurance companies, etc.);
— supply chain requirements, including modern slavery;
— terrorist threats;
— technological innovations, equipment, products and systems evolution, the knowledge of OH&S
effects of products and work equipment;
— political and social unrest;
— legal requirements and other requirements, including legislation, sectoral agreements, conventions
and voluntary agreements subscribed to by the organization;
— institutional needs and expectations;
— the geographical location of the company;
— environmental concerns that can have an impact on health and safety, including climate change and
pollution;
— potential emergency situations including pandemics but also floods, earthquakes, etc.
Examples of internal issues that can affect the intended outcomes of an OH&S management system are:
— consultation and participation, issues raised by workers and other interested parties that can
impact the organization’s internal activities and its OH&S management system;
— internal requirements, including policies and practices, mission, vision, values, objectives, strategies,
agreements and guidelines;
— what has been known to cause injuries and ill health in the past;
— organization structure and governance model, work scope, work shifts, roles, functions and
responsibilities;
— work centres and distribution;
— demography (e.g. gender of workers, age range, racial identities, range of languages, workers with
disabilities);
— conditions and extension of services and activities;
— globalization and internalization of the company;
— cultural diversity (e.g. inclusion, racial identities and backgrounds, cultural and religious beliefs,
proficiency in languages, literacy and education levels);
— financial, human (availability, competence, etc.) and technological resources (availability and
conditions of equipment, products, facilities, systems and workplaces) and distribution of resources;
— general planning;
— processes, products and services.
2
  © ISO 2022 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/FDIS 45002:2022(E)
An organization can choose to document this information if it wants to adopt a more structured
approach to its OH&S management system. However, the absence of such documentation should not
impact the ability of the organization to seek and demonstrate conformity to ISO 45001, where it can
evidence a structured approach by other means.
The organization can use different methodologies to determine and evaluate the external and internal
issues. One example is analysing strengths, weakness, opportunities and threats. See Clause 5 for
guidance on how to involve workers in this process.
The issues dealt with in this clause are mainly related to the impact on the OH&S management system
and are usually analysed at high levels of the organization. Specific OH&S risks are dealt with at
operational levels and are considered in 6.1.2 and 6.1.3.
EXAMPLE Real life case 1 on how to implement requirements in ISO 45001:2018, 4.1.
A diverse service organization implemented the requirements of 4.1 and made a high-level analysis of issues
by conducting a brainstorming exercise with participation from OH&S staff, other workers and worker
representatives, knowledgeable persons from various parts of the organization and someone from top
management who champions OH&S. The team discussed external and internal issues from a wide perspective
and determined which were relevant for the OH&S management system. This then served as input to identify
interested parties (see 4.2), determine scope (see 4.3), and address risks and opportunities (see 6.1).
Even though there is no requirement in ISO 45001:2018 to document the result of this context work, the
organization chose to do that anyway and ensure that the whole team agreed on the result. They created a bridge
from context to planning by documenting each relevant issue in a categorized way, stating if this was a current
or future issue, and if it had a positive or negative potential. They also put a value to its relative importance
and stated how the issue should be managed in their system (as an OH&S risk, potential emergency, risk to the
management system, other opportunity, etc.). Table 1 shows part of what they found.
This context exercise is reviewed when there are significant external or internal changes that affect the
organization or the OH&S management system and otherwise when deemed appropriate by the organization.
Table 1 — Some of the external and internal issues found
Category Issue Time Negative OH&S Managed as
frame or management
positive system
importance
Culture: Lack of OH&S interest from top Current Negative High OH&S manage­
internal management ment system risk
Workplace Working at heights with customer Current Negative Medium OH&S risk
hazard installations
Workplace Noise levels in some operations Current Negative High OH&S risk
hazard
Economy: Lack of financial resources for Future Negative Medium Currently not
internal investing in OH&S improvements managed
Activities: Inadequate chemical management Current Negative Medium OH&S risk
internal
Resources: Improvement of OH&S staff Current Positive Medium OH&S manage­
internal competence beyond requirements ment system
opportunity
Technology: New technologies for eliminating Current Positive High OH&S manage­
external hazards and mitigating OH&S risks ment system
developed opportunity
Interested Requirements from customers Future Positive High OH&S manage­
parties: regarding OH&S management ment system
external system certification opportunity
Interested Lack of participation from worker Current Negative High OH&S manage­
parties: representatives ment system risk
internal
3
© ISO 2022 – All rights reserved

---------------------- Page: 10 ----------------------
ISO/FDIS 45002:2022(E)
TTabablele 1 1 ((ccoonnttiinnueuedd))
Category Issue Time Negative OH&S Managed as
frame or management
positive system
importance
Company: Poor internal OH&S Current Negative Medium OH&S manage­
internal communication ment system risk
Resources: Suppliers of OH&S protection Future Negative Medium OH&S manage­
external equipment, including personal ment system risk
protective equipment (PPE) are
not always able to deliver required
goods when there is increased
market demand
Company: Lack of specific consideration Current Negative High OH&S risk
internal for issues related to gender,
non-binary workers and other spe­
cific groups as well as
provision for these groups
4.2 Understanding the needs and expectations of workers and other interested parties
The needs and expectations (i.e. requirements) of workers and other interested parties are important
when considering the context in which the organization operates. It is important that the organization
takes into account the characteristics of its workers and how these can affect needs and expectations.
Different genders and age groups can have very different needs and expectations than others. Minority
groups (e.g. ethnic minorities, workers with physical or mental disabilities, workers of non-traditional
gender or sexuality) also have needs and expectations which are not always recognized or understood.
Determining interested parties that are relevant to the OH&S management system and developing a
relationship with them enables communication, which can improve worker participation, remove
obstacles to participation, lead to a culture that supports OH&S, and build mutual understanding, trust
and respect.
The organization should identify the relevant needs and expectations of workers and other interested
parties, to determine those that it has to comply with and volu
...