OHSAS 18001

OHSAS 18001

OHSAS 18000 is an international occupational health and safety management system specification. It comprises two parts, 18001 and 18002 and embraces a number of other publications.

OHSAS 18001 is an Occupation Health and Safety Assessment Series for health and safety management systems. It is intended to help an organizations to control occupational health and safety risks. It was developed in response to widespread demand for a recognized standard against which to be certified and assessed. 

Who Created OHSAS:

OHSAS 18001 was created via a concerted effort from a number of the worlds leading national standards bodies, certification bodies, and specialist consultancies. A main driver for this was to try to remove confusion in the workplace from the proliferation of certifiable OH&S specifications.

The participants were as follows:

  • National Standards Authority of Ireland.
  • Standards Australia.
  • South African Bureau of Standards.
  • British Standards Institution.
  • Bureau Veritas Quality International.
  • Det Norske Veritas.
  • Lloyds Register Quality Assurance.
  • National Quality Assurance.
  • SFS Certification.
  • SGS Yarsley International Certification Services.
  • International Safety Management Organisation Ltd.
  • Standards and Industry Research Institute of Malaysia.
  • International Certification Services.

Benefits - How Can OHSAS Help?

The OHSAS specification is applicable to any organisation that wishes to:

  • Establish an OH&S management system to eliminate or minimise risk to employees and other interested parties who may be exposed to OH&S risks associated with its activities.
  • Assure itself of its conformance with its stated OH&S policy.
  • Demonstrate such conformance to others.
  • Implement, maintain and continually improve an OH&S management system.
  • Make a self-determination and declaration of conformance with this OHSAS specification.
  • Seek certification/registration of its OH&S management system by an external organisation.

What are the key features of OHSAS 18001:2007?

  • Great emphasis placed on "Health"
  • Alignment with ISO 14001:2004 throughout the standard to facilitate integration.
  • Compatibility with ISO 9001:2000.
  • Reference to PDCA cycle.
  • "Evaluation of Compliance" requested as per ISO 14001:2004.
  • People involvement in establishing the system and investigation of incidents.
  • Suitability for management system certification

OHSAS 18001 standard be integrated with other management systems?

OHSAS 18001 has been developed to ensure the compatibility with the ISO 9001 (Quality) and ISO 14001 (Environmental) management systems standards, in order to facilitate the integration of quality, environmental and occupational health and safety management systems by organizations, should they wish to do so.

The overall structure of the standard is similar to other relevant standard and many key requirements are common to all systems (e.g. policy, objectives, document control, internal auditing, management review, corrective and preventive actions)

Such integrated standardization approach allows certification bodies to provide organizations with Integrated Management System certification including all the three major standards for Quality, Environment, Health and Safety.

Who does the OHSAS 18001 standard apply to?

The OHSAS Standard applies to any organization that wishes to:

  • Support and promote good OH&S prctices.
  • Minimize safety risks in the work environment.
  • Ensure the proper deployment of its OH&S policy and the achievement of objectives.
  • Introduce a common language for health and safety within the organization.
  • Establish, deploy, monitor and improve the OH&S management system.
  • Demonstrate OHSAS conformance to Stakeholders.
  • Achieving the OH&S management system certification by a third party certification body.

The OHSAS 18001 effective implementation requires a clear management structure with clearly defined authority and responsibility, measurable objectives for improvement, a systematic approach to risk assessment and measurable results. This includes the monitoring of health and safety management failures, auditing of performance and review of policies and objectives.

How to get OHSAS 18001 certification?

The management certification process follows the following steps:

  • Application for registration.
  • Initial Certification Audit to verify the compliance with OHSAS 18001 requirement. Such audit consist of Stage 1 and Stage 2 audits.
  • Certification granting by the Certification Body and maintained by the Organization.
  • Surveillance Audit to confirm the maintenance of compliance with the requirements.
  • Re-certification audit after three years.

Stage 1- the purpose of this visit is to determine the organization’s readiness for a full assessment.

The assessor will:

  • Audit the organization’s management system documentation.
  • confirm that the OH&S management system conforms to the requirements of the standard.
  • confirm its implementation status.
  • confirm the scope of certification.
  • check legislative compliance.
  • evaluate if the internal audits and management review are being planned and performed and that the management system implementation is ready for Stage 2 Audit.
  • produce a report that identifies any non-compliance or potential for non-compliance and agree a corrective action plan if required.
  • produce an audit plan and confirm a date for the Stage 2 assessment visit

Stage 2 – this Audit shall take place at site and aim to confirm if the management system complies with the requirements of OHSAS 18001 and the internal documentation.

The Auditor shall verify:

  • the conformity to all requirements of the applicable management system standard or other normative document.
  • performance monitoring, measuring, reporting and reviewing against key performance.
  • objectives and targets (consistent with the expectations in the applicable management system standard or other normative document).
  • the management system and performance as regards legal compliance.
  • the effective implementation of the risk management approach.
  • the operational control of the processes.
  • the internal auditing and management review

The auditor shall

  • report any non-compliances or potential for non-compliance.
  • produce a surveillance plan and confirm a date for the first surveillance visit

If the Auditor identifies any critical or major non-conformance, the organization cannot be certified until corrective action is taken and verified.

1. OHSAS 18001 Audit checklist of general Requirements

Clause 4.1

1.Has a program been established?                                   

2. Is the scope of the program clearly defined?

3. How long has the program been established?

4. Is it being maintained the requirements of OHSAS 18001-1999?

2. OHSAS 18001 Audit checklist of OSH policies

Clause 4.2

1.What is the organization’s policy?

2. Is the policy defined and is it appropriate to the type, size, and OSH impacts of the organization’s activities?

3. Does the policy include a commitment to continual improvement in the organization’s operations?

4. Does the policy reflect the organizations hazard identification, risk assessment and risk control in the organization’s activities and facilities?

5. Does the policy include a commitment to compliance to legal requirements?

6. Is the policy documented, implemented, maintained (periodically reviewed) and communicated to all employees and are they aware of their responsibilities to the OSH?

7. Is the policy available to interested parties?

3. OHSAS 18001 Audit checklist of Planning for Hazard Identification, Risk Assessment and Risk Control

Clause 4.3.1

1. Are there documented and maintained procedures to establish and update hazards, risks and implementation of controls?

2. Does the procedure cover routine and non routine activities?

3. Does the procedure cover all personnel and facilities?

4. What mechanism is used to initiate hazard review/revision when operations change?

5. Do the criteria for the assessment of risk address both likelihood and consequence?

6. Are there records to provide evidence of analysis of hazards, risks and controls?

7. Are there any obvious hazards that should have been considered and were not? If not, why not?

8. Are results of assessments and effects of controls considered when setting OSH objectives and are they documented and up to date?

9. Does the methodology:

  • define scope, nature and timing?
  • ensure proactive rather than reactive assessments?
  • provide for classification of risk tolerability?
  • identify those to be eliminated or controlled?
  • assure consistency with operating experience? (Ref. 4.3.1C of OHSAS 18002-2000)
  • assure consistency with effectiveness of risk control measures?

10. Does the methodology provide input into determination of facility requirements, training needs and operational controls?

11. Does the methodology provide for monitoring of required actions to ensure timeliness and effectiveness of implementation?

4. OHSAS 18001 Audit checklist of objectives

Clause 4.3

1.Has the organization established and maintained OSH objectives?

2. Have the documented objectives considered legal and other requirements?

3. Are objectives reasonable and measurable?

4. Is there a documented and maintained procedure for periodically reviewing objectives?

5. Are objectives communicated to the employees that are supposed to achieve them?

6. Are organizational objectives consistent with Lab/higher level objectives?

5. OHSAS 18001 Audit checklist of OSH Management Program(s)

Clause 4.3.4

1. Are there programs to achieve all the identified objectives?

2. Do the programs include schedules for completion and resources necessary to achieve the objectives?

3. Do the programs assign responsibilities for completion of tasks in achieving objectives?

4. Are all procedures that supplement the OHS management program available to the appropriate personnel and current?

5. Are the management programs reviewed at planned intervals and amended as required?

6. OHSAS 18001 Audit checklist of Structure and Responsibility

Clause 4.4.1

1.Are roles and responsibility, and authorities defined, documented and communicated?

2. Has management provided the necessary resources (people, technology, money) to implement this OSH program?

3. Has the organization appointed an OSH management appointee from top management?

4. Does the R2A2 of the OSH management appointee document sufficient authority to accomplish a & b above?

5. How does management demonstrate their commitment for continual improvement of OSH performance?

7. OHSAS 18001 Audit checklist of Training, Awareness and Competence

Clause 4.4.2

1. Are procedures established and maintained to make employees aware of a – d above?

2. How do you ensure personnel are competent to perform tasks that impact OHS?

3. Has the appropriate training been done and, where required, by qualified trainers?

4. Do the training procedures take into account the differing levels of responsibility, ability, literacy and risk?

5. Are there specific, documented minimum requirements for each person performing a task that can cause significant OHS impact?

8. OHSAS 18001 Audit checklist of Consultation and Communication

Clause 4.4.3

1. Are there procedures that are maintained for communications to and from interested parties regarding the organization’s pertinent OSH information?

2. How are communications to and from interested parties documented?

3. How are internal communications between different levels and different functions documented? How do you have feedback to management?

4. How are employees involved in the development of policies and procedures to manage risks?

5. How are employees consulted for changes that affect workplace health and safety?

6. How are employees represented on OHS matters?

7. Do people know who their employee OHS representative and/or management appointees are?

8. How are OHS representatives involved in communication mechanisms with management?

9. What initiatives do you have to encourage OHS consultations and improvement activities?

10. What mechanisms are used to communicate OHS concerns or information to all interested parties and employees; e.g., inspections, briefings, notice boards, OHS newsletter, OHS poster programs?

9. OHSAS 18001 Audit checklist of Documentation

Clause 4.4.4

1. How has the organization documented the core elements of its OHSAS 18001 system?

2. How does the organization show linkage between all upper and lower level documentation?

3. Does the system document how the related documentation, both internal and external, [regulations, permits, forms, etc.] are to be used?

10. OHSAS 18001 Audit checklist of Document and Data Control

Clause 4.4.5

1. Are there procedures for controlling and maintaining all documents (e.g., procedures and instructions) and/or data (e.g., engineering drawings and MSDS) required by this standard? Are the documents/data accessible (e.g., can the employee access the documents/data they need), including during an emergency?

2. Are the documents/data periodically reviewed, revised and approved for adequacy by authorized personnel?

3. Are latest versions of documents/data available in all areas and by all personnel that perform tasks essential to the effective functioning of the OSH?

4. Are obsolete documents/data removed from use and assured from unintended use? Are historical copies maintained & labeled?

5. Are those obsolete documents/data that are retained for legal or knowledge reasons clearly identified?

6. Are documents/data dated with the latest revision, orderly, legible and retained for a specified period?

11. OHSAS 18001 Audit checklist of Operational Control

Clause 4.4.6

1. Have the operations and activities, including maintenance, been identified that are associated with the identified OSH risks where control measures need to be applied?

2. Have procedures been established and maintained for the above operations that, if they are not followed for these situations, could lead to deviations from the OSH policy and the objectives?

3. Are operating criteria clearly established and document/data in the procedures for the operations and activities identified above?

4. Have the identified OSH risks of goods, materials, equipment and services used in the above operations and activities been identified?

5. Are there procedures for handling goods, materials, equipment and services used in the activities associated with identified risks where controls need to be applied?

6. Are relevant procedures and requirements communicated to the appropriate suppliers and contractors (are operational controls in place and working as expected)?

7. Are records of operational controls and performance indicators managed and retained per plans?

8. Are there procedures to reduce OS&H risks in design and workplace processes (Ref. d above)?

12. OHSAS 18001 Audit checklist of Emergency Preparedness and Response

Clause 4.4.7

1. Are there maintained procedures to identify potential for accidents and emergency situations?

2. Are there maintained procedures to respond to accidents and emergency situations?

3. Are there maintained procedures to prevent and minimize the OSH risks that may be associated with the identified accidents and emergency situations?

4. Are there reviews and revisions of the emergency preparedness and response procedures, particularly after an incident?

5. Are there periodical tests of the above procedures?

13. OHSAS 18001 Audit checklist of Performance Measurement and Monitoring

Clause 4.5.1

1. Do the procedures address qualitative and quantitative measures?

2. Are procedures document/data and maintained to monitor and measure OSH performance on a regular basis?

3. Are monitoring of OSH objectives performed?

4. Does the OSH management program include proactive measures to address operational criteria, legal requirements and regulatory standards?

5. Are there reactive measures of performance to monitor accidents, ill health, incidents (including near-misses) and other historical evidence of deficient OSH performance?

6. Are OSH performance indicators evaluated for corrective and preventative action?

7. Are the indicators of OSH performance communicated to management?

8. Is OSH monitoring equipment required for performance measurement and monitoring calibrated? If so, is there a documented calibration and maintenance procedure(s)?

9. Are the records for the calibrations and maintenance results retained?

14. OHSAS 18001 Audit checklist of Accidents, Incidents, Non    conformance and Corrective and Preventive Action

Clause 4.5.2

1. Are procedures documented and maintained for defining responsibility and authority for handling and investigating of accidents, incidents and non conformance?

2. Are procedures documented and maintained for initiating and completing corrective and preventive action? Is a risk assessment conducted for these actions?

3. Are appropriate corrective and preventive actions taken?

4. Are the results of the corrective and preventive actions implemented and recorded?

5. How does the organization implement and record any changes in their documented procedures resulting from corrective and preventative actions?

15. OHSAS 18001 Audit checklist of Records and Records Management

Clause 4.5.3

1. Are procedures documented and maintained for the identification, maintenance and disposition of OSH records?

2. Are the records legible, identifiable and traceable to the activities involved?

3. Are the records stored and maintained such that they are readily retrievable and protected against damage, deterioration or loss?

4. Are there specified retention times for all of the records identified?

5. Are the records maintained in a manner to demonstrate conformance with the standard and appropriate to the system and the organization?

6. Is consideration given to confidentially?

16. OHSAS 18001 Audit checklist of audit requirements

Clause 4.5.4

1. Are procedures documented and maintained for periodic OSH audits?

2. Does the procedure for OSH audits include the scope of the audit, frequency, methodologies used, responsibilities, requirements, and method of reporting results?

3. Does the OSH audit determine whether their OSH has been implemented and maintained and conforms to this standard and organization’s OSH policy and objectives?

4. Does the OSH audit provide results of the audits to management?

5. Is the audit program and schedule based on risk assessments and the results of previous audits?

6. Does the procedure address the independence of auditors?

17. OHSAS 18001 Audit checklist of Management Review

Clause 4.5.5

1. Has top management performed a review of the OSH management system on a periodic basis? Is it documented?

2. Does the review address the systems?

a) Continued suitability

b) adequacy

c) effectiveness

3. Does the review address possible need to change its policy, objectives and other elements of the OSH management system? Has this been conducted in light of OSH management system audit results, continual improvement and changing circumstances?

4. Does the record of the review include a list of information used for the management evaluation?


Click here to download the check sheet and requirements

OHSAS-18001 Assessment checklist

OHSAS-18001 Requirements

PPT- Basics of OHSAS-18001