ISO 45001:2018 - Occupational Health and Safety Management Standard

Sorry Blockbuster but the language barrier is problematic (try to express yourself in French to appreciate... ;) ).

Yes, it would be nice if some other Elsmar colleagues tried to answer you as I did myself.

Perhaps you should show us how you documented your OS&H risk assessment methodologies and how the auditor formulated your non-compliance ... so we will better understand your case and we will be able to answer you.

Hello !

First, I hope other contributors will share their practices regarding your question, Blockbuster. But to possibly continue, it would be necessary that you show us (even partially, with some examples) how you carry out OS&H risk assessment; then it would enable us to analyse the remark of your OS&HMS auditor regarding ISO 45001.

If you're still addressing me, Blockbuster, I'm not sure where we are in our exchange (and considering my weaknesses in English too!)*. I have been retired for 3 years, but for our auditors we were "compliant" with the PS&HMS normative requirements (ILO-OSH or BS OHSAS 18801) by using relevant evaluation tools adapted to the natures of the different families of risks and without necessarily producing true quantitative results, and we were also compliant with the regulatory requirements of the countries in which we are located (simply because the regulatory criteria for risk assessment of our countries are the first criteria we inject into our occupational risk assessment process).


* However it seems, despite all, that my remarks on ISO 45001 or other OS&H subjects are relatively understood by and interesting for some people here. Thanks!


I have done a bit of research on this now, and I think the following blog sets things out nicely with regards to answering my initial question about clause

I have highlighted the relevant text in Bold which points to what I think is what an auditor would/should be looking for in terms of applying methodologies to the carrying out of risk assessments.

In the end, whether we use a 'severity' x 'likelihood' risk scoring matrix or not, if we conclude that a hazard is a high or low risk we still have to have defined a methodology for working this out. Agreed?

Read on....


Source: pegasus legal register (pm me for full link)

Clause Assessment of OH&S risks and other risks to the OH&S management system

The organization must establish, implement and maintain a process to:

• Assess OH&S risks from the identified hazards, whilst taking into account the effectiveness of existing controls;

• Determine and assess the other risks related to the establishment, implementation and maintenance of the OH&S management system.

An organization needs to apply the process of hazard identification and risk assessment to determine the controls that are necessary to reduce the risks of injury and/or ill health. The purpose of risk assessment is to address the hazards that might arise in the course of the organization’s activities and ensure that the risks to people arising from these hazards are assessed, prioritized and controlled.

This is achieved by:

• Developing a methodology for hazard identification and risk assessment;

• Identifying hazards;

• Estimating the associated risk levels, taking into account the adequacy of existing controls, based on an assessment of the likelihood of the occurrence of a hazardous event or exposure and the severity of injury or ill health that can be caused by the event or exposure;

• Determining whether these risks are acceptable vis a vis the organization’s legal obligations and its OH&S objectives;

• Determining the appropriate risk controls, where these are found to be necessary;

• Documenting the results of the risk assessment;

• Reviewing the hazard identification and risk assessment process on an ongoing basis.

The outputs from the risk assessment process should be used in the implementation and development of other parts of the OH&S management system such as competence, operational planning and control, and monitoring, measurement, analysis and performance evaluation.

There is no single methodology for hazard identification and risk assessment that is suitable for all organizations. Hazard identification and risk assessment methodologies vary greatly across industries, ranging from simple assessments to complex numerical methods with extensive documentation.

Individual hazards might require that different methods be used, e.g. an assessment of long term exposure to hazardous substances might need a different method from that taken for equipment safety or for assessing an office workstation. Each organization should choose the method that is appropriate to its scope, nature and size. The chosen approach should result in a comprehensive methodology for the ongoing evaluation of the organization’s risks.

Where the organization’s risk assessment uses descriptive categories for assessing severity or likelihood of harm, these should be clearly defined, e.g. clear definitions of terms such as “likely” and “unlikely” are needed to ensure that different individuals interpret them consistently.

The organization should consider risks to sensitive populations (e.g. pregnant employees) and vulnerable groups (e.g. young workers) as well as any particular susceptibilities of the individuals involved in performing particular tasks (e.g. the ability of an individual to read instructions).

The risk assessment should involve consultation with, and participation by, workers and take into account legal and other requirements.

Risk assessment should be conducted by personnel with competence in risk assessment methodologies and techniques and appropriate knowledge of the organization’s work activities.

The organization should also consider risks which are not directly related to the health and safety of people, but which affect the OH&S management system itself and can have an impact on its intended outcomes.

Risks to the OH&S management system include:

• Failure to understand the context of the organization;
• Failure to address the needs and expectations of relevant interested parties;
• Inadequate consultation and participation of workers;
• Inadequate planning or allocation of resources;
• An ineffectual audit programme;
• An incomplete management review;
• Poor succession planning for key roles;
• Poor engagement by top management.
