
In many companies, health and safety at work have long had a peculiar existence. Very present on paper, sometimes very well documented, but often distant from the daily reality of the teams. ISO 45001 was born precisely from this observation: prevention that is too often declarative, poorly managed, and rarely integrated into strategic decisions.
Published in 2018, ISO 45001 is now the international standard for occupational health and safety management systems. It has replaced OHSAS 18001 and follows the same logic as ISO 9001 or ISO 14001: to structure, manage, measure, and continuously improve.
But behind the standard, there is above all a very clear philosophy: security is not a separate issue, it is a management issue.
ISO 45001 primarily serves to provide a framework. A framework that compels the company to ask the right questions: what really are our hazards? What risks do we accept unknowingly? How do decisions made at management committee level impact the health of employees on the ground? And above all, how do we move from intention to measurable action?
Contrary to popular belief, the standard is not limited to a risk analysis or a single document that's a bit thicker than the others. It imposes a global logic: understanding the company's context, its activities, its subcontractors, its temporary staff, its regulatory constraints, but also the expectations of the workers. It places management face to face with its responsibilities, demanding visible, documented, and ongoing commitment over time.
This is also one of the major contributions of ISO 45001: it ends the delegation of safety solely to the HSE Manager or Appointed Person. Leadership becomes a normative requirement. Prevention is no longer a technical issue, it is a governance issue.
Why then commit to an ISO 45001 process? Rarely for the sheer pleasure of a certificate. The companies that take the plunge generally do so after understanding one thing: accidents, occupational illnesses, absenteeism, or psychosocial risks cost far more than structured prevention. Certification helps to reduce these risks, but also to make practices more reliable, clarify roles, and improve consistency between procedures and on-the-ground reality.
Operationally, the benefits are very tangible. Better hazard identification, prioritised action plans, relevant indicators, more rigorous change management, and above all, the ability to detect deviations before a serious accident occurs. On a human level, the standard promotes worker participation, the upward reporting of information, and a culture where safety is no longer perceived as a constraint, but as a normal element of a job well done.
Becoming ISO 45001 certified doesn't happen in a few weeks. The first step is almost always the same: a status assessment. Existing practices are compared against the standard's requirements, gaps are identified, and then prioritised. This is followed by the structuring phase: defining the OHS policy, clarifying responsibilities, implementing or improving key processes, and formalising risk assessments and applicable legal obligations.
Preparation also involves training. Not just for HSE teams, but also for managers and leadership. Understanding the standard means understanding what an auditor will actually be looking for: consistency, control, and evidence of effectiveness.
Internal audit plays a central role here. Too often seen as a mere administrative exercise, it is in reality one of the standard's most powerful tools. A well-conducted internal audit allows for testing the system, verifying if procedures are applied, but above all for understanding why certain actions work... and others do not. It also prepares teams for the certification audit, by accustoming them to explaining their practices, their choices, and their results.
Once the system is sufficiently mature, the company chooses an accredited certifying body. The certification audit takes place in two stages: an initial documentary phase, followed by an in-depth on-site audit. The auditors do not expect perfection, but an organisation capable of demonstrating that it knows its risks, that it acts in a structured manner, and that it is committed to a dynamic of continuous improvement.
It is often at this point that companies realise that ISO 45001 is not an end in itself. The certificate is merely a stepping stone. The real challenge begins afterwards: bringing the system to life, analysing incidents, monitoring indicators, adapting actions, and never again falling back into static prevention.
At its core, ISO 45001 asks a simple yet demanding question: is occupational health and safety truly managed as a strategic issue, or merely addressed when a problem arises? Companies that seriously commit to the process often know the answer even before the first audit.
And that's precisely where the standard makes sense.