Is ISO 45001 certification mandatory for oil and gas companies in Australia?

ISO 45001 certification is not a legal requirement for oil and gas companies in Australia. However, it is increasingly required by major clients, joint venture partners, and government procurement processes. Offshore operators are subject to NOPSEMA's Safety Case requirements under the Offshore Petroleum and Greenhouse Gas Storage Act, which is a separate regulatory obligation. ISO 45001 certification is a strong demonstration of a systematic approach to safety management and is widely recognised across the global oil and gas industry as a baseline expectation for serious operators.

How long does it take to implement ISO 45001 in an oil and gas company?

For a mid-sized oil and gas company with multiple sites, complex operations, and a significant contractor workforce, a realistic implementation timeline is between six and twelve months. Smaller single-site operations may achieve certification in four to six months if they have existing safety management systems to build on. The timeline depends heavily on the maturity of your current safety practices, the complexity of your hazard profile, and the availability of internal resources to lead the implementation.

Can ISO 45001 be integrated with ISO 14001 and ISO 9001 for oil and gas?

Yes, and for most oil and gas companies this is the recommended approach. All three standards share the same High Level Structure, which means their core requirements around context, leadership, planning, support, operations, performance evaluation, and improvement follow the same framework. An integrated management system reduces documentation duplication, allows for combined internal audits, and presents a more coherent picture of your overall management approach to clients, regulators, and certification auditors.

How does ISO 45001 address contractor management in oil and gas?

ISO 45001 requires organisations to manage the OH&S performance of all workers under their control, which explicitly includes contractors and subcontractors. This means you need documented processes for contractor pre-qualification, site induction, ongoing performance monitoring, and incident reporting. Simply requiring contractors to hold their own safety certifications is not sufficient. You must be able to demonstrate active oversight of contractor safety performance as part of your operational controls under Clause 8 of the standard.

What is the difference between ISO 45001 and a NOPSEMA Safety Case?

A NOPSEMA Safety Case is a specific regulatory requirement for offshore petroleum facilities under Australian law. It requires operators to demonstrate that major accident hazards have been identified and that risks are reduced to as low as reasonably practicable. ISO 45001 is a voluntary international management system standard that provides a framework for managing occupational health and safety across all activities. The two are complementary rather than interchangeable. ISO 45001 provides much of the underlying system infrastructure that supports a Safety Case, but it does not satisfy the Safety Case requirement on its own.

How much does ISO 45001 certification cost for an oil and gas company?

Certification costs for oil and gas companies vary considerably depending on the number of sites, workforce size, operational complexity, and whether you engage an external consultant. For a single-site operation, total costs including consultant fees and certification body fees might range from $15,000 to $40,000. Multi-site or offshore operations with complex contractor management requirements can cost significantly more. The best approach is to get competing quotes from multiple providers so you can compare scope and pricing. Platforms like CertBetter make it straightforward to receive multiple quotes from vetted providers without spending weeks making individual enquiries.

ISO 45001 Certification for Oil and Gas Companies

Why ISO 45001 Matters More in Oil and Gas Than Almost Any Other Industry

If you work in oil and gas, you already know the stakes. Workers operate in environments where a single procedural failure can result in fatalities, catastrophic equipment damage, or an environmental disaster that makes headlines for years. Occupational health and safety is not a compliance checkbox in this industry. It is a core business function.

On this page

ISO 45001 certification for oil and gas companies provides a structured, internationally recognised framework for managing those risks. But this standard is not a generic safety manual you can apply the same way across every industry. In oil and gas, the implementation demands a level of rigour and sector-specific thinking that many businesses underestimate before they start.

This guide covers what ISO 45001 actually requires in the context of oil and gas operations, how to build a system that will hold up under audit, and what to watch out for during the certification process.

What Is ISO 45001 and Why Was It Designed to Replace OHSAS 18001?

ISO 45001 is the international standard for Occupational Health and Safety Management Systems (OH&S MS). It was published in 2018 and replaced OHSAS 18001, which had been the dominant safety management framework for nearly two decades.

The key difference is not just structure. ISO 45001 adopts the High Level Structure (HLS) used by all modern ISO management system standards, which means it integrates far more naturally with ISO 9001 (quality) and ISO 14001 (environment). For oil and gas companies already holding those certifications, that integration is a significant practical advantage.

More importantly, ISO 45001 places a much stronger emphasis on leadership commitment, worker participation, and proactive risk management rather than simply reacting to incidents after they occur. That shift in philosophy is exactly what the oil and gas sector needs. Understanding why OHSAS 18001 changed to ISO 45001 helps you appreciate what the new framework is actually trying to achieve.

Get 3 ISO Quotes. 24 Hours Response

Tell us what you need and compare vetted ISO consultants or certification bodies within 24 hours. Free, no obligation.

Trusted by 400+ businesses like yours

The Unique Hazard Profile of Oil and Gas Operations

Before you can build a compliant OH&S management system, you need to understand what makes oil and gas different from, say, a construction site or a food processing facility. The hazard profile is broader, more complex, and in many cases, more severe.

Physical and Process Safety Hazards

Upstream operations involve drilling, well completion, and production activities where workers face risks from blowouts, high-pressure systems, hydrogen sulphide (H2S) exposure, and hydrocarbon fires. Midstream operations covering pipelines and processing plants introduce risks around pressurised systems, confined spaces, and rotating equipment. Downstream refining adds chemical exposure, high-temperature processes, and complex process safety scenarios.

Each of these environments requires specific hazard identification methods. A generic risk register will not cut it. Your ISO 45001 system needs to reflect the actual hazards present in your specific operations.

Remote and Offshore Work Environments

Many oil and gas workers operate in remote onshore locations or offshore platforms where emergency response times are measured in hours, not minutes. This changes everything about how you plan for incident response, medical emergencies, and evacuation procedures. Your OH&S management system must account for the isolation factor explicitly, not just reference it in passing.

Contractor and Subcontractor Management

In oil and gas, the majority of the workforce on any given site is often made up of contractors and subcontractors. This creates a complex web of responsibilities. ISO 45001 requires you to manage the OH&S performance of workers under your control, which includes contractors. Many companies get caught out at audit because their contractor management processes are either too vague or not actually being followed in practice.

How ISO 45001 Applies to Oil and Gas: Key Clauses to Focus On

The standard has ten clauses. For oil and gas companies, several of these demand particular attention because of how the industry operates.

Clause 4: Context of the Organisation

You need to define the internal and external factors that affect your OH&S management system. For oil and gas, this includes regulatory requirements from bodies like Safe Work Australia, the National Offshore Petroleum Safety and Environmental Management Authority (NOPSEMA) for offshore operations, and relevant state-based work health and safety legislation. It also includes factors like commodity price volatility affecting workforce levels, geopolitical risks in international operations, and community expectations around safety culture.

Clause 5: Leadership and Worker Participation

ISO 45001 is unusually explicit about the role of top management. Senior leaders must demonstrate visible commitment, not just sign off on a policy document. In oil and gas, this means executives and site managers actively participating in safety walks, toolbox talks, and incident reviews. Worker participation is equally non-negotiable. Frontline workers must have genuine mechanisms to raise safety concerns without fear of reprisal, and those mechanisms must be documented and actively used.

Clause 6: Planning and Risk Assessment

This is where oil and gas companies need to invest the most effort. Your hazard identification process must be systematic and cover all routine and non-routine activities, including maintenance shutdowns, start-up and commissioning activities, and emergency scenarios. Bow-tie analysis, job safety analysis (JSA), and process hazard analysis (PHA) are all tools commonly used in the sector that align well with what ISO 45001 requires here.

Legal compliance obligations are also part of Clause 6. You need a process for identifying applicable legislation, tracking changes, and ensuring your system remains compliant. The beginner guide to ISO 45001 implementation provides a useful overview of how these clauses work together for organisations new to the standard.

Clause 8: Operational Planning and Control

For oil and gas, Clause 8 covers the day-to-day controls that keep people safe. This includes permit-to-work systems, management of change (MOC) procedures, emergency preparedness and response plans, and the management of contractors and visitors. Your system needs to show that these controls are not just documented but actively implemented and monitored.

One area that regularly causes problems at audit is the management of change. When you modify a process, install new equipment, or change a procedure, there must be a formal assessment of the OH&S implications before the change is implemented. Many oil and gas companies have robust MOC processes on paper but struggle to demonstrate consistent application in practice.

Clause 9: Performance Evaluation

You need leading and lagging indicators. Lagging indicators like lost time injury frequency rates (LTIFR) and total recordable incident rates (TRIR) are standard in the industry. But ISO 45001 pushes you toward leading indicators as well, things like near-miss reporting rates, safety observation completion rates, and the percentage of corrective actions closed on time. Internal audits must cover the entire scope of your system, and management reviews must be substantive, not just a formality.

Integrating ISO 45001 With Other Management Systems

Most oil and gas companies of any significant size will already hold, or be working toward, certifications in ISO 14001 (environmental management) and ISO 9001 (quality management). The HLS structure of ISO 45001 makes integration genuinely practical rather than just theoretically possible.

An integrated management system (IMS) allows you to maintain a single set of core documentation, run combined internal audits, and conduct unified management reviews. This reduces administrative overhead significantly. It also means that when an auditor looks at your system, they see a coherent approach to managing your business rather than three separate compliance exercises running in parallel.

If you are planning an integrated approach, the auditor guide to integrated management systems is worth reading before you start designing your documentation structure. Getting the architecture right from the beginning saves a significant amount of rework later.

ISO 55001 (asset management) is also increasingly relevant for oil and gas companies managing large physical asset bases. Aligning your OH&S system with your asset management framework ensures that safety considerations are embedded in asset lifecycle decisions, not treated as an afterthought.

The Certification Process: What to Expect

Achieving ISO 45001 certification involves two formal audit stages conducted by an accredited certification body.

Stage 1 Audit: Documentation and Readiness Review

The Stage 1 audit is primarily a desk review. The auditor will examine your OH&S management system documentation, confirm that the scope is appropriate for your operations, and identify any significant gaps before the Stage 2 audit. For oil and gas companies, this is where auditors commonly find that hazard identification processes are not comprehensive enough, or that contractor management documentation does not reflect actual practice on site.

Preparing thoroughly for Stage 1 is worth the effort. The eight things to do before a Stage 1 readiness audit gives you a practical checklist to work through before the auditor arrives.

Stage 2 Audit: Implementation Verification

The Stage 2 audit is where the auditor verifies that your system is actually working in practice. For oil and gas, this typically involves site visits, interviews with workers at all levels, and a review of records including incident reports, near-miss logs, corrective action registers, and training records. The auditor will want to see evidence that your system is embedded in daily operations, not just documented in a folder.

Expect the auditor to spend time in the field, talking to frontline workers and supervisors. If your workers cannot explain the OH&S management system or their role within it, that is a finding. Preparation of your workforce is just as important as preparation of your documentation.

Surveillance and Recertification Audits

Once certified, you will undergo annual surveillance audits and a full recertification audit every three years. For oil and gas companies with multiple sites or complex operations, the scope and duration of these audits can be substantial. Factor this into your ongoing compliance budget.

Common Mistakes Oil and Gas Companies Make During Implementation

Having worked through many ISO 45001 implementations in high-hazard industries, certain patterns come up repeatedly.

Treating it as a documentation exercise. The biggest mistake is building a system that looks good on paper but does not reflect how work actually gets done. Auditors are experienced at spotting the gap between documented procedures and actual practice. If your permit-to-work procedure says one thing and workers on site are doing another, you will receive nonconformances.

Underestimating contractor management. As noted earlier, contractors are often the majority of your workforce. Your system must actively manage their OH&S performance, not just require them to submit their own safety documentation at the start of a contract.

Weak incident investigation processes. ISO 45001 requires root cause analysis of incidents and near misses, and evidence that corrective actions have been implemented and verified. Many companies have good incident reporting rates but poor investigation quality. The standard wants you to understand why incidents happen, not just record that they happened.

Insufficient worker participation. Toolbox talks that workers attend but do not contribute to do not meet the spirit of the standard. You need genuine two-way communication and evidence that worker input is considered in safety decisions.

Choosing a certification body without oil and gas experience. Certification bodies sometimes struggle with niche industries, and oil and gas is technically demanding enough that you want an auditor who understands process safety, not just generic OH&S principles. Ask your certification body about their auditors' industry experience before you commit.

Regulatory Alignment in Australia

For Australian oil and gas operators, ISO 45001 certification does not replace your obligations under state and territory work health and safety legislation or the offshore-specific requirements administered by NOPSEMA under the Offshore Petroleum and Greenhouse Gas Storage Act. What it does is provide a recognised framework that demonstrates a systematic approach to managing those obligations.

NOPSEMA requires offshore petroleum facilities to have a Safety Case that demonstrates major hazard risks are reduced to as low as reasonably practicable (ALARP). ISO 45001 is not a substitute for a Safety Case, but a well-implemented OH&S management system provides much of the underlying infrastructure that a Safety Case draws on. Regulators generally view ISO 45001 certification favourably as evidence of a mature safety culture, even if it is not a formal regulatory requirement.

How to Choose the Right ISO Consultant for Oil and Gas

Given the technical complexity of oil and gas operations, choosing a consultant with genuine industry experience is not optional. A consultant who has only worked in office-based industries will not understand the nuances of process safety, permit-to-work systems, or offshore emergency response planning.

When evaluating consultants, ask specifically about their experience with high-hazard industries, their familiarity with NOPSEMA requirements if you operate offshore, and whether they have supported companies through certification audits in the sector. References from similar organisations are worth requesting.

Be cautious of consultants who promise very short implementation timelines for complex operations. A credible ISO 45001 implementation for a mid-sized oil and gas company with multiple sites and a large contractor workforce typically takes six to twelve months. Anyone promising three months should be asked to explain exactly how they plan to achieve that without cutting corners.

If you are finding it difficult to identify consultants with the right background, CertBetter can help. The platform connects oil and gas businesses with verified ISO consultants and accredited certification bodies who have relevant industry experience. You submit one form and receive up to three competing quotes from vetted providers, at no cost to your business.