Your company probably has an occupational health and safety policy. It sits in a binder, on the intranet, or in the quality system. The question is whether it would hold up in an audit.
Vague OHS policies are common. “We aim for a good work environment.” That is not a policy. It is an aspiration. A policy must take a position: what is the company committing to, what does management promise, and how will it be followed up?
This is where ISO 45001 comes in. The standard spells out clear requirements for what an OHS policy must contain. And it forces a structure where the policy becomes something the company uses, not just something it has.
The law vs ISO 45001
The Work Environment Act1 requires employers to document their OHS work. But the law does not specify in detail what the policy must say. That is up to each company.
ISO 45001 takes the opposite approach. Clause 5.2 lists exactly which commitments must be included and how the policy should be managed. That is one of the standard’s strengths: it leaves nothing to chance.
What ISO 45001 clause 5.2 requires
An OHS policy according to ISO 45001 must include six commitments from top management:
1. Safe and healthy working conditions
The policy must state a commitment to provide safe and healthy working conditions for the prevention of work-related injury and ill health. And it must be appropriate to the organization’s purpose, size and context and to the specific nature of its OH&S risks and OH&S opportunities.
2. A framework for OHS objectives
The policy must provide the foundation for the company’s OHS objectives. The objectives break down the policy commitments into concrete, measurable outcomes. Without a policy that sets direction, objectives are hard to formulate.
3. Fulfil legal requirements and other requirements
The organization must commit to fulfil legal requirements and other requirements.
4. Eliminate hazards and reduce OH&S risks
The policy must include a commitment to eliminate hazards and reduce OH&S risks.
5. Continual improvement
The commitment to continual improvement means the organization commits to continually improve its OH&S management system over time. Status quo is not enough.
6. Consultation and participation of workers
The policy must include a commitment to consultation and participation of workers and, where they exist, workers’ representatives.
Beyond the six commitments, the standard imposes four requirements on how the policy is managed:
- It must be available as documented information
- It must be communicated within the organization
- It must be available to interested parties, as appropriate
- It must be relevant and appropriate
Checklist: what your OHS policy must cover
Use this checklist to review your existing policy or write a new one:
- Commitment to provide safe and healthy working conditions for the prevention of work-related injury and ill health
- Appropriate to the organization’s purpose, size and context and to its specific OH&S risks and OH&S opportunities
- Provides a framework for setting OHS objectives
- Commitment to fulfil legal requirements and other requirements
- Commitment to eliminate hazards and reduce OH&S risks
- Commitment to continual improvement
- Commitment to consultation and participation of workers and, where they exist, workers’ representatives
- Available as documented information
- Communicated within the organization
- Available to interested parties, as appropriate
- Relevant and appropriate
From policy to practice
A policy that meets ISO 45001 requirements is a good start. But it only becomes a living document when connected to the rest of the management system.
The policy sets direction. Objectives translate direction into measurable results. Risk assessments identify what threatens those objectives. Management review evaluates whether it all works. Everything is connected.
Without that structure, the policy is a document that collects dust. The auditor sees it on paper but asks: “How do you know this works in practice?” And you need to show the link from policy to objectives to follow-up.
Why ISO 45001 certification makes a difference
Going through ISO 45001 certification forces you to create an OHS policy that actually works. The auditor does not just check that documented information exists. They check that the policy is communicated within the organization and that management directs OHS work in line with it.
For many companies, this is the first time their OHS policy gets critically reviewed. And it shows. Companies pursuing ISO 45001 certification often discover gaps in their existing policy.
In AmpliFlow you create the policy as a documented routine with version control, approval workflows, and publication dates. It is searchable, accessible to all employees, and linked to objectives and risk assessments.
When the policy is updated, affected employees receive automatic notifications. You can see who has reviewed it and when. That is the kind of structure that makes the policy part of daily work, not just a document in a binder.
Want to learn more about how ISO 45001 certification works? Read our guide to ISO 45001 or book a demo to see AmpliFlow’s OHS management tools.
Footnotes
-
Swedish Work Environment Act (1977:1160). Basic requirements for systematic work environment management are in AFS 2001:1. ↩