What MUST be Documented

for an ISO 45001 Health and Safety Management System?

Not every part of your health and safety management system must be documented; however, to conform to the standard, there are some items that must be maintained in a print or electronic format.  These are described as “documented information”, which is defined as “information required to be controlled and maintained by an organization…”  This can be systems, processes, forms and completed forms or other records.  There are seventeen places, grouped below by the stage in the system cycle, where the standard requires documented information.

Planning

Many aspects of the planning process must be documented:

  • Health and Safety Management System scope (4.3)

  • Health and safety policy (5.2)

  • Risk and opportunities,  and planning processes required to address them (6.1.1)

  • Health, safety and other risks (6.1.2.2)

  • Legal and other requirements (6.1.3)

  • Health and safety objectives (6.2.2)

  • Competence evidence (7.2)

 

Implementation

How the plans are communicated and implemented require documentation as well:

  • Communications evidence (7.4.1)

  • Operational planning and control processes (8.1.1(c))

  • Emergency preparedness and response (8.2)

 

Assessing Effectiveness

 

Self-assessments are a key element in an effective health and safety management system, and must be documented:

  • Monitoring, measurement, analysis and performance evaluation (9.1.1)

  • Compliance evaluation results (9.1.2(d))

  • Internal audit program (9.2.2(f))

  • Internal audit results (9.2.2(f))

 

Correcting Deficiencies

Corrective and preventive actions taken to resolve concerns identified during the self-assessments must be documented:

  • Management review results (9.3)

  • Incident, nonconformity and corrective action (10.2)

  • Continual improvement (10.3(e))

 

Defining “Documented Information”

 

Clause 7.5 tells us that documented information is not only what is required by the standard, but also what is “determined by the organization as being necessary for the effectiveness” of the health and safety management system.  So a company can stipulate that additional items be documented.

If you are challenged to achieve the desired results as evidenced by nonconformances, notices of violation, audit findings or incidents, injuries or illnesses, you may need to consider documenting additional processes.

 

You need not use the term “documented information” in your system; you are free to use the terms that best suit your business, such as “procedures”, “work instructions”,   “records”, or other terms (A.2).

For information on ISO 14001 Documented Information requirements, check out our article here.

 

Conclusion

 

It’s all in the details.  Make sure you have a copy of the standard and are using it to build and check your system.  That way, there won’t be any surprises at your next surveillance or re-certification audit.

Need help? Check out our EMS forms and templates in our ISO Help Store, or schedule time for a one-on-one phone call with an ISO Auditor at our ISO Help Consult page.

Interested in more information on our comprehensive suite of environmental services? E-mail us to request a copy of our Statement of Qualifications.

About the Author

Joyce Kristiansson, M.S., is a Certified Environmental Professional Auditor and part-time registrar auditor for an ISO certification body.  With more than 35 years of environmental experience, including twelve years in ISO 14001 Environmental Management Systems, Joyce has experienced EMS systems and processes from all perspectives:  developing, maintaining, sustaining and auditing (both internal and certification).  Recognizing the improved environmental performance and positive financial results that can result from an effective EMS, Joyce wants to make the process as simple and inexpensive as possible so that small and medium-sized businesses can have the same competitive advantages as larger companies - without using a consultant.