How to Transition From OHSAS 18001 to ISO 45001

CertBetter

Team CertBetter

13 min read
How to Transition From OHSAS 18001 to ISO 45001

Why This Transition Still Matters in 2026

If your business is still operating under OHSAS 18001, or you recently acquired a business that was certified to it, you need to understand something clearly: OHSAS 18001 was officially withdrawn in 2021. It no longer exists as a valid certification standard. Any organisation still claiming OHSAS 18001 certification is holding a piece of paper that carries no weight with clients, insurers, or regulators.

The transition to ISO 45001, the international standard for occupational health and safety management systems, is not optional. It is the only credible path forward for businesses that take workplace safety seriously. This guide walks you through exactly how to make that transition, what has changed, what you can carry over, and where most organisations trip up along the way.

To understand the background of why this change happened in the first place, it helps to read about what OHSAS 18001 was and why it was replaced by ISO 45001. But for now, let us focus on the practical steps of getting your system across the line.

What Actually Changed Between OHSAS 18001 and ISO 45001

Before you can plan a transition, you need to understand what you are transitioning to. ISO 45001 is not simply a rebranded version of OHSAS 18001. It is a fundamentally different document in structure, philosophy, and requirements.

The High Level Structure

ISO 45001 follows the High Level Structure (HLS), also known as Annex SL, which is the same framework used by ISO 9001 and ISO 14001. This makes it much easier to integrate with other management systems. OHSAS 18001 had its own structure that did not align neatly with other ISO standards.

If your organisation already holds ISO 9001 or ISO 14001, this is genuinely good news. The clause structure, terminology, and approach to risk are now consistent across all three standards, which means your existing documentation and processes can often be adapted rather than rebuilt.

Context of the Organisation

ISO 45001 introduces a formal requirement to understand the context of your organisation (Clause 4). This means identifying internal and external factors that affect your ability to achieve your OHS objectives, as well as understanding the needs and expectations of workers and other interested parties. OHSAS 18001 had nothing equivalent to this.

In practice, this requires you to document the issues that influence your OHS management system, not just the hazards on the floor, but things like regulatory changes, workforce composition, contractor arrangements, and even cultural factors.

Worker Participation and Consultation

This is one of the most significant philosophical shifts. ISO 45001 places far greater emphasis on worker participation than OHSAS 18001 ever did. Clause 5.4 specifically requires organisations to establish processes for worker consultation and participation in OHS decisions. Workers must be involved in hazard identification, risk assessment, incident investigation, and the development of OHS objectives.

This is not a tick-box exercise. Auditors will look for genuine evidence that workers have been consulted and that their input has influenced decisions. A safety committee that meets once a year and produces minutes nobody reads will not satisfy this requirement.

Leadership and Commitment

ISO 45001 places accountability for the OHS management system squarely on top management, not just the safety officer. Clause 5.1 requires senior leaders to demonstrate active commitment, not just sign off on a policy. This includes ensuring the OHS system is integrated into business processes, that resources are provided, and that the system is reviewed at the leadership level.

Risk and Opportunity

OHSAS 18001 focused primarily on hazard identification and risk control. ISO 45001 takes a broader view by requiring organisations to also identify and act on opportunities, not just threats. This includes opportunities to improve OHS performance, reduce incidents, and enhance worker wellbeing. The risk-based thinking that underpins ISO 9001 is now embedded in ISO 45001 as well.

Step-by-Step Transition Process

Here is a practical, sequenced approach to transitioning from OHSAS 18001 to ISO 45001. The timeline will vary depending on your organisation's size, complexity, and how well your existing system is documented, but most businesses can complete this process within three to nine months.

Step 1: Conduct a Gap Analysis

Start by mapping your existing OHSAS 18001 system against the requirements of ISO 45001. A proper gap analysis will tell you what you already have, what needs to be updated, and what needs to be created from scratch.

Pay particular attention to the new requirements around context of the organisation, worker participation, and leadership commitment. These are the areas where most OHSAS 18001 systems fall short. You should also check whether your hazard identification and risk assessment processes meet the broader scope of ISO 45001, which includes legal and other requirements in a more integrated way than OHSAS 18001 did.

Document your findings clearly. A gap analysis is not just a planning tool. It also becomes evidence for your auditor that you approached the transition systematically.

Step 2: Update Your OHS Policy

Your existing OHS policy will likely need updating. ISO 45001 requires the policy to include specific commitments to provide safe and healthy working conditions, eliminate hazards, reduce OHS risks, consult and participate with workers, and continually improve the OHS management system. Review your current policy against Clause 5.2 and revise accordingly. For practical guidance on drafting this document, see our article on how to write an ISO 45001 OHS policy that passes audit.

Step 3: Address the Context Requirements

This is where many organisations spend the most time during transition. You need to document the internal and external issues that are relevant to your OHS management system, and identify the interested parties whose needs and expectations you must consider.

Internal issues might include things like workforce size and composition, existing safety culture, equipment condition, and management structure. External issues might include legislative requirements, industry standards, supply chain arrangements, and community expectations. Interested parties go beyond employees to include contractors, visitors, unions, regulators, and even local communities in some industries.

This does not need to be a lengthy document. A well-structured register or matrix that captures the key issues and links them to your OHS objectives is perfectly adequate.

Step 4: Strengthen Worker Participation Processes

Review how you currently consult with workers on OHS matters and be honest about whether it is genuinely participatory or just procedural. ISO 45001 requires workers to be involved in decisions that affect them, including hazard identification, incident investigation, and the setting of OHS objectives.

Practical ways to demonstrate this include toolbox talks with recorded attendance and outcomes, safety committee minutes that show worker input influencing decisions, documented feedback mechanisms, and evidence that workers have been involved in reviewing risk assessments for their own work areas.

For construction and high-risk industries, getting genuine worker participation in ISO 45001 implementation is particularly important, and we have a dedicated guide on how to get worker participation in ISO 45001 implementation that covers this in detail.

Step 5: Review and Update Risk Assessment Processes

Your existing hazard identification and risk assessment processes from OHSAS 18001 will form a solid foundation, but they need to be reviewed against ISO 45001's broader requirements. Specifically, you need to ensure your processes capture hazards related to emergency situations, changes in work arrangements, and the activities of contractors and visitors.

You also need to document how you determine legal and other requirements (Clause 6.1.3) and how these are integrated into your risk controls. Many OHSAS 18001 systems treated legal compliance as a separate register rather than integrating it into the risk management process. ISO 45001 expects a more connected approach.

Step 6: Update Objectives and Performance Monitoring

ISO 45001 requires OHS objectives to be consistent with the OHS policy, measurable, monitored, communicated, updated as appropriate, and documented. Review your existing objectives and check whether they meet these criteria. Vague objectives like “improve safety culture” without any measurable indicators will not satisfy an auditor.

Also review your performance monitoring arrangements. ISO 45001 requires both proactive and reactive monitoring. Proactive monitoring includes things like inspection frequencies, training completion rates, and near-miss reporting rates. Reactive monitoring covers incident rates, injury statistics, and corrective action closure times.

Step 7: Conduct Internal Audits Against ISO 45001

Before your transition audit with your certification body, run at least one full internal audit against ISO 45001. This is not the same as auditing against OHSAS 18001. Your internal auditors need to be familiar with the new standard's requirements, particularly the new clauses around context, leadership, and worker participation.

If your internal auditors have not been trained on ISO 45001, this is the time to address that. An internal audit that misses the new requirements gives you a false sense of readiness. For guidance on running internal audits that actually find problems, see our article on how to run ISO internal audits that actually find problems.

Step 8: Management Review

Conduct a formal management review that covers ISO 45001 requirements. This must include inputs such as the results of internal audits, worker participation outcomes, incident trends, OHS objectives performance, and any changes to the context of the organisation. The outputs must include decisions on continual improvement opportunities and any resource needs.

Document this review thoroughly. It is one of the key pieces of evidence your certification body auditor will look for during the transition audit.

Step 9: Engage Your Certification Body

Contact your existing certification body early in the transition process. Most accredited certification bodies will conduct a transition audit rather than a full initial certification audit, which reduces cost and time. The transition audit will typically assess your system against ISO 45001 requirements and verify that the gaps identified in your gap analysis have been addressed.

Ask your certification body specifically what their transition audit process involves, how many audit days they estimate, and what documentation they will expect to see. Different certification bodies handle transitions slightly differently, so clarity upfront avoids surprises.

Common Mistakes During the OHSAS 18001 to ISO 45001 Transition

Treating It as a Documentation Exercise

The most common mistake is updating documents without changing how the system actually operates. ISO 45001 is designed to be a living system that drives real OHS outcomes, not a folder of policies that sits on a shelf. Auditors are trained to look for evidence of implementation, not just documentation.

Ignoring the Leadership Requirements

Many organisations delegate the transition entirely to the safety officer or quality manager and assume top management just needs to sign off on the updated policy. That is not enough. ISO 45001 requires visible, active leadership commitment. If your CEO cannot speak to the OHS objectives or explain how the management system supports the business strategy, that will be noted during the audit.

Underestimating the Worker Participation Requirements

This catches a lot of organisations off guard. Simply having a safety committee is not sufficient evidence of worker participation under ISO 45001. You need to demonstrate that workers are genuinely involved in OHS decisions and that their input makes a difference. Build this into your processes from the start of the transition, not as an afterthought before the audit.

Not Updating the Scope

Review your certification scope as part of the transition. The scope of your ISO 45001 certification should accurately reflect the boundaries of your OHS management system. If your business has changed since your OHSAS 18001 certification, this is the right time to update the scope to reflect current operations.

How Long Does the Transition Take?

For a small to medium business with a reasonably well-documented OHSAS 18001 system, the transition typically takes three to six months of preparation followed by a transition audit. Larger organisations with multiple sites or complex contractor arrangements may need six to twelve months.

The key variables are how current your existing documentation is, how engaged your leadership team is, and how quickly you can implement the new requirements around context and worker participation. Organisations that try to rush the transition by treating it as a paperwork update tend to face non-conformances during the audit that extend the timeline anyway.

If you are also considering the broader benefits of ISO 45001 certification as part of your business case for investment in the transition, that article covers the commercial and operational advantages in detail.

What Does the Transition Audit Involve?

A transition audit is conducted by your certification body and typically follows a similar structure to a Stage 2 certification audit. The auditor will review your documented system, interview relevant staff including workers and managers, and observe operations where relevant.

The auditor will specifically focus on the new requirements of ISO 45001 that were not present in OHSAS 18001, particularly context, leadership, worker participation, and the integration of risk-based thinking. They will also verify that your gap analysis was thorough and that identified gaps have been addressed.

If non-conformances are raised, you will typically have a defined period to provide evidence of corrective action before the certificate is issued. Major non-conformances may require a follow-up audit visit.

To understand what ISO 45001 certification costs in Australia, including transition audit fees, that guide covers real pricing data from providers across the country.

Getting Support for Your Transition

Whether you handle the transition internally or bring in external help depends on the capability of your team and the complexity of your system. Organisations with experienced OHS professionals who understand ISO standards can often manage the transition with minimal external support. Smaller businesses or those without dedicated safety resources will generally benefit from working with an ISO consultant who has specific ISO 45001 experience.

If you do engage a consultant, make sure they have direct experience with ISO 45001 transitions, not just general ISO consulting experience. The nuances of the worker participation requirements and the context analysis are areas where inexperienced consultants often provide generic advice that does not hold up under audit scrutiny.

If you are looking for verified ISO consultants and certification bodies to support your ISO 45001 transition, CertBetter makes it straightforward. Submit one form and receive up to three competing quotes from vetted providers. The service is completely free for businesses, and every provider on the platform has been reviewed for credibility and relevant experience. It is a practical way to compare your options without spending hours on research.

Get 3 ISO Quotes. 24 Hours Response

Tell us what you need and compare vetted ISO consultants or certification bodies within 24 hours. Free, no obligation.

Trusted by 400+ businesses like yours

Frequently Asked Questions

No. OHSAS 18001 was officially withdrawn in March 2021, three years after ISO 45001 was published in 2018. Any organisation still claiming OHSAS 18001 certification is holding an invalid certificate. Accredited certification bodies no longer issue or renew OHSAS 18001 certificates, and the standard is not recognised by clients, regulators, or insurers as a current benchmark for occupational health and safety management.

Yes, if your organisation has experienced OHS professionals who are familiar with ISO management system requirements. The transition involves a gap analysis, documentation updates, process changes, internal audits, and a management review, all of which can be handled internally if the capability exists. However, many small to medium businesses find that an experienced ISO 45001 consultant significantly reduces the time and risk of non-conformances during the transition audit, making the investment worthwhile.

Transition audit costs vary depending on the size of your organisation, the number of sites, and the certification body you use. For a small business with a single site, a transition audit typically costs between $2,000 and $5,000 in Australia. Larger organisations with multiple sites or complex operations can expect higher fees. Your certification body should provide a clear quote before the audit, and it is worth comparing quotes from multiple accredited providers before committing.

If your organisation was certified to OHSAS 18001 and did not transition before the standard was withdrawn, your certification has lapsed. To regain certification, you would need to go through a full initial certification process under ISO 45001 rather than a simpler transition audit. This is more time-consuming and generally more expensive. Beyond the certification status, operating without a current OHS management system certification can affect your ability to win contracts, particularly in government and high-risk industries where certification is often a tender requirement.

The most significant differences are the requirements for understanding the context of the organisation, the emphasis on genuine worker participation and consultation, and the stronger accountability placed on top management rather than just the safety function. ISO 45001 also uses the High Level Structure that aligns with ISO 9001 and ISO 14001, making it easier to integrate with other management systems. The philosophical shift from a compliance-driven approach to one focused on proactive risk management and worker involvement is the defining change between the two standards.

Not necessarily. Your existing hazard identification and risk assessment records from OHSAS 18001 can be carried over, but they need to be reviewed and updated to meet ISO 45001 requirements. Specifically, you need to ensure your processes capture a broader range of hazards including those related to emergency situations and contractor activities, and that legal and other requirements are integrated into your risk controls rather than managed as a separate register. In most cases, updating and expanding your existing records is more efficient than starting from scratch.

Dilawar Laghari

Hi! I am Dilawar Laghari, founder of CertBetter.

I created CertBetter to help anyone compare ISO certification providers for free.