The requirement clauses, in working language
- Clause 4, Context. Determine internal and external issues, the needs of workers and other interested parties, and set the scope of your OH&S management system.
- Clause 5, Leadership and worker participation. Top management takes overall responsibility for preventing work-related injury and ill health, sets the OH&S policy, and establishes processes for consultation and participation of workers at all levels, with emphasis on non-managerial workers. This clause is the heart of the standard and the hardest to fake.
- Clause 6, Planning. Ongoing, proactive hazard identification; assessment of OH&S risks and opportunities; identification of legal and other requirements; measurable OH&S objectives with plans.
- Clause 7, Support. Resources, competence (critical where hazards demand it), awareness, communication, and documented information.
- Clause 8, Operation. Operational controls using the hierarchy of controls, management of change, procurement including contractors and outsourcing, and emergency preparedness and response.
- Clause 9, Performance evaluation. Monitoring and measurement, evaluation of compliance with legal requirements, internal audit, and management review.
- Clause 10, Improvement. Incident investigation alongside nonconformity handling, corrective action, and continual improvement.
What auditors trace in practice
A competent OH&S auditor picks a hazard from your own risk assessment and follows it: is the control implemented at the workplace, does the worker doing the task know it, was the worker consulted, does training evidence exist, what happens when the control fails, and did any related incident produce investigation and action. That single thread crosses clauses 5 through 10. If it holds, your system is real.
The compliance obligation people underestimate
Clause 9.1.2 requires you to periodically evaluate compliance with your legal requirements and retain evidence of the evaluation. A legal register that exists but is never evaluated against is one of the most common major nonconformities in first-time ISO 45001 audits.